Cybersecurity is crucial in 2024 when businesses and individuals rely on the internet for daily operations. In 2023 alone, we've witnessed several cybersecurity incidents that remind us of the importance of staying ahead of emerging threats.
In this post, we'll explore the top five cyber security incidents and stories of 2023 and how organizations and business leaders dealt with and learned from them. From the United States National Cybersecurity Strategy to the MOVEit attacks orchestrated by the Clop group, we'll see how even the most technologically advanced companies are susceptible to cyber threats, and how businesses can act to mitigate these threats in 2024.
The Most Impactful Stories in Cyber Security 2023
1: The New US National Cybersecurity Strategy
Cybercrime and cyber insecurity are ranked as the 8th most severe risk in the World Economic Forum's Global Risks Report for 2023, not just in the short term but also over the next decade.
In March 2023, President Joe Biden introduced the National Cybersecurity Strategy, a comprehensive plan to enhance online security for all. The initiative is part of a broader effort by the Biden administration to improve technology and cyber governance. The strategy aims to hold technology companies accountable, strengthen privacy protections, and promote fair competition within the vast online domain.
The US government has developed a comprehensive cybersecurity strategy to protect the country's critical infrastructure and combat cyber risks and threats. The strategy has five pillars, each with specific objectives to ensure the security and resiliency of the nation's digital landscape.
2: The LockBit ‘Cyber Incident’ at Boeing
Boeing, a leading aerospace company, faced a cybersecurity threat in 2023 that affected its parts and distribution business. The incident raised questions about the safety of sensitive data and came to light after the LockBit cybercrime group issued a ransom threat. Although Boeing confirmed that flight safety was not compromised, the potential exposure of critical data prompted the company to take swift action and collaborate with law enforcement.
LockBit has a history of targeting organizations worldwide, and despite Boeing's efforts to secure its systems, the extent of data compromise remains unclear. As the company works to manage the incident and coordinate with regulatory authorities, the event highlights the persistent threats that even the most substantial organizations face.
This situation highlights how important it is to protect our data from ransomware attacks. We must take proactive steps to defend ourselves and work with law enforcement to stay ahead of potential threats in the digital world.
3: The MOVEit Attacks
This cyber attack involved a group known as Clop, which primarily operates in the Russian-speaking region. Its modus operandi was to exploit a critical vulnerability in Progress' MOVEit file transfer tool to steal data and then leak it on its website on the dark web.
The attack against MOVEit commenced in May 2023, and instead of encrypting the files, Clop threatened to publish the stolen data on the internet if the victim companies didn't pay them. This is an unconventional approach, as most hackers resort to encryption and demand a ransom to release the data.
This attack affected big corporations such as IBM, Cognizant, and Deloitte. It impacted many individuals and entities, with approximately 2,667 organizations and 84 million people caught in its digital grip. By July, it was estimated that Clop could have potentially made between $75 million and $100 million from this cyber attack alone.
Other major incidents in the MOVEit campaign included the breach of the Louisiana Office of Motor Vehicles (up to 6 million Louisiana residents impacted) and the Oregon Driver and Motor Vehicles division of the Oregon Department of Transportation (3.5 million Oregon residents impacted).
This incident is considered one of the most significant data breaches in recent memory, impacting people across different industries, and underscores the importance of a secure document management system.
4: The Breach of US Government Email Accounts by Chinese State Hackers
Microsoft revealed that a Chinese-state advanced persistent threat (APT) actor, Storm-0558, infiltrated email accounts across multiple US government agencies. This digital security breach remained undetected for over a month until Microsoft intervened. Storm-0558 used forged authentication tokens to gain access to enterprise mail, exposing data from 25 organizations and related personal email accounts.
Microsoft's real-time investigation, sparked by customer reporting on June 16, showed that Storm-0558 focused on espionage to collect intelligence. The attack exploited a validation issue that allowed hackers to impersonate Azure Active Directory users, highlighting the evolving tactics of cyber adversaries and emphasizing the continual efforts needed to safeguard against complex vulnerabilities in the ever-changing cybersecurity landscape.
This is not the first time Microsoft has encountered coordinated cyber espionage campaigns by the Chinese state. In May 2023, they collaborated with international counterparts to expose an APT actor, Volt Typhoon, which targeted critical national infrastructure. The escalation in tactics employed by Chinese cyber espionage, moving from broad campaigns to stealthy maneuvers, poses a challenge to cloud security and wider network risk that requires ongoing vigilance and innovation in defense strategies.
5: The Pentagon Leaks
The Pentagon leaks, orchestrated by a 21-year-old Massachusetts Air National Guard member, Jack Teixeira, stand as a stark reminder of the persistent threat insiders pose.
Teixeira leaked highly sensitive military documents, which eventually found their way into the hands of Russians tracking the war in Ukraine. The leaked documents include classified information on Ukraine's armed forces, details of spying operations against allied governments, and assessments of US spy satellites.
The consequences of Teixeira's actions could be far-reaching, affecting Ukraine's war strategy and straining US relationships with its allies. The incident underscores the importance of addressing insider risks in military and government organizations and across all sectors. The breach also raises questions about internal security policies, as Teixeira could print out and take top-secret documents home, demonstrating serious lapses in enforcement.
Organizations are urged to evaluate and strengthen their plans to mitigate insider threats, protect sensitive information, and consider document management strategies, such as disappearing documents and end-to-end encryption, that strengthen data security.
Common 2023 Cyber Security Themes
While each of these attacks presents novel challenges and unique circumstances, there are some common themes that businesses and governments should be aware of as we move into 2024.
One key commonality between all these cyber incidents has been the need to secure data and documentation, even against insider threats. Enterprise-level products and vendors, such as MOVEit and Microsoft, still contain weaknesses that criminals are able to exploit, and their size is no guarantee of security.
Instead, government branches and large businesses must look to prioritize documentation management as their 2024 strategy, seeking solutions like Inkit, which include document retention and management features, encryption as standard, and zero trust architecture.
Failure to comply with document requirements can have serious consequences. These can include legal fines, damage to your reputation, and disruption of your operations.
Final Thoughts
Looking back at the cybersecurity events of 2023, it's clear that the online landscape is more challenging than ever before.
It's crucial to learn from these events and take steps to strengthen our digital defenses in 2024. This includes developing comprehensive cybersecurity strategies, leveraging advanced technologies like AI, and addressing internal risks in the hybrid workplace. By staying vigilant, implementing robust security measures, and promoting a culture of cybersecurity, we can create a safer digital future.
To learn more about how Inkit can help you safeguard your organization’s documentation, contact us now.
FAQs
Why is cybersecurity so critical for businesses and governments today?
Cybersecurity is essential as digital operations increase and data breaches become more sophisticated. Protecting sensitive data from unauthorized access and attacks helps prevent significant financial and reputational losses.
What was the purpose of the new US National Cybersecurity Strategy introduced in 2023?
The strategy aims to protect the nation's digital infrastructure, promote secure technology development, and hold tech companies accountable. Its five pillars address current and future cyber threats, encouraging resilience across industries.
What lessons can businesses learn from the MOVEit attacks?
The MOVEit attacks highlighted the importance of proactive security, particularly in managing file transfer systems. Businesses should regularly assess vulnerabilities, ensure encryption, and implement secure document management to reduce data breach risks.
How did insider threats impact cybersecurity in 2023, as seen in the Pentagon leaks?
The Pentagon leaks underscored the dangers of insider threats, which can be as damaging as external attacks. Organizations must prioritize secure document access controls and audit trails to reduce risks from within.
What steps can organizations take to protect against state-sponsored cyber espionage?
To defend against sophisticated espionage campaigns, organizations should use advanced security measures like end-to-end encryption, multi-factor authentication, and regular system audits. Collaborating with cybersecurity partners can also help detect and counteract threats efficiently.