Biggest Cyberattacks of 2023 And What Caused Them
Tech Report is one of the oldest hardware, news, and tech review sites on the internet. We write helpful technology guides, unbiased product reviews, and report on the latest tech and crypto news. We maintain editorial independence and consider content quality and factual accuracy to be non-negotiable.
Instances of cyberattacks are increasing every day. Take 2023, for example: as many as 33 billion accounts were affected, costing $8 trillion in losses.
In fact, the number of attacks in the first nine months of 2023 surpassed the total number of attacks throughout 2022. Quite naturally, you’re probably concerned about your own device’s security.
If that’s the case, read on to learn more about the biggest cyberattacks in 2023, their causes, and tips on how you can protect your device against these growing threats.
- 1. T-Mobile Data Breach Affects 37 Million Customers
- 2. Oakland’s Ransomware Attack
- 3. UK’s Electoral Commission Attack Exposes The Data of 40 Million Voters
- 4. 23andMe’s Major Data Breach
- 5. MGM Resorts Lost $100 Million to Hackers in Ransomware Attack
- 6. Boeing’s Major Data Leak by Russian-Affiliated Group
- 7. Johnson Controls Ransomware Attack
Top 7 Biggest Cyberattack Incidents of 2023
Before we talk about the precautions you can take, let’s examine the seven biggest cyberattacks in 2023 to understand what we are up against.
1. T-Mobile Data Breach Affects 37 Million Customers
In January 2023, T-Mobile had a data breach that affected almost 37 million customers. In a notification on its website, the company said no confidential data, such as passwords or government IDs, was leaked.
T-Mobile also said that neither its network nor infrastructure was compromised during the breach. It was done through a single API, hinting that its network was still safe for customers.
Hackers stole data like names, billing addresses, phone numbers, and email accounts – information that can easily be found online.
The telecom giant also tried to reassure users by stating that the data stolen could not be used in financial fraud.
However, since the hackers also stole names and associated contact details, they could easily use this information to impersonate the affected users online. After all, if the hackers went to so much trouble to steal some data, they certainly planned to use it.
According to the timeline released by T-Mobile, they found out about the breach on January 5, 2023. However, further investigation revealed that the hackers had been stealing data since November 2022.
One good thing about this unfortunate incident was how quickly T-Mobile responded. Within 24 hours, they managed to identify the source and stop it.
These 24 hours were enough for the news to spread, leading to a 2% drop in T-Mobile’s share value.
Sadly, this isn’t the first time that T-Mobile has been attacked. For instance, in 2021, a group of hackers got access to the company’s testing network, stole employee credentials, and broke into a database containing details of 40 million customers.
2. Oakland’s Ransomware Attack
The city of Oakland was hit by one of the worst cyberattacks in the industry. The incident first came to light on February 8, 2023. It got so bad that they had to declare a state of emergency and temporarily shut down government offices a week later.
It’s believed that the hacker accessed a computer system with an employee’s information stored on it due to their employment with the city.
The hacker used this information to crack the computer’s password and break into the network. As per the latest reports, the PLAY ransomware group was behind the attack.
To expedite recovery, the IT department temporarily shut down all non-emergency services, including the transport department and the mayor’s office, to thoroughly inspect and minimize the spread of the ransomware.
Suspending non-emergency services heavily impacted the city’s day-to-day functioning, such as processing reports, issuing permits and licenses, and receiving payments.
Calls to emergency services were deemed safe, but the response times were considerably slower. In short, the whole city was under a communication lockdown.
It also crippled the police department, forcing them to resort to old-school methods of communication, such as using handheld radios to manage dispatch and using pen and paper for their work instead of a laptop.
City officials sent out a notice that ‘City mobile devices, NeoGov, Oracle, Office 365, OakWiFi, the City’s website, and many other services are not known to be impacted.’ Authorities also shared an update stating that a recovery plan was in motion and they would soon restore all services.
While the exact motives of the attack are unknown, it was assumed that the intention was to wreak havoc in the city, halt it for some time, and attempt to steal some personal data. As of now, there hasn’t been any update on any further mass data leaks.
3. UK’s Electoral Commission Attack Exposes The Data of 40 Million Voters
The Electoral Commission in the UK first noticed suspicious activities on their network in October 2022. Further investigation revealed an unauthorized third party had had access to the network for over a year, since August 2022.
The initial vulnerability was assumed to be a zero-day flaw, referred to as ‘ProxyNotShell’, in their Exchange Server.
During the attack, the hackers accessed their control systems, email accounts, and copies of electoral registers, which contained the data of about 40 million users. This included anyone who registered as a voter between 2014 and 2022, plus registered overseas voters.
The authorities weren’t sure if the hackers managed to transfer all the data. If they had, they would have been able to access those citizens’ names, contact details, and photos. Any other data sent to the commission via an online form or email would also be in their hands.
Although this type of data is usually available in the public domain, the bigger concern is that it could be used to impersonate someone or tie up missing links to stalk a person.
The Electoral Commission delayed informing the public about the attack. However, a spokesperson tried to justify it by saying their priority was to remove the hackers, assess the extent of damage, and put new protocols in place to prevent an attack like this in the future.
During this time, they also updated their firewall policies and network login requirements and improved their threat monitoring techniques.
The only silver lining was that the election process was not compromised. Authorities said that since most of the actual process is still paper-based, the attack would in no way influence the election’s final results.
4. 23andMe’s Major Data Breach
In December 2023, genetic DNA testing company 23andMe revealed a major data breach that risked the data of 6.9 million users, almost half of its customers.
23andMe uses your genetic information to help you track your family history. It also gives you personalized health insights based on your genes.
The stolen data included the user’s name, date of birth, percentage of DNA shared with other relatives, relationship with said relative, and location.
Also, 1.4 million of those affected had signed up for a service called DNA Relatives. This meant the hacker had access to everyone in their family tree’s names, relationships, locations, and dates of birth.
This wasn’t the first time that 23andMe had faced a data breach.
In October of the same year, an unknown hacker announced that they had stolen DNA records from the platform and posted the genetic details of 1 million users as proof. The hacker sold each DNA record for between $1 and $10 on the platform.
However, the company didn’t admit any responsibility for this attack. It claimed the investigation revealed its system hadn’t been tampered with.
It looks like individual accounts were attacked using a technique called ‘credential stuffing,’ a trial-and-error method to break into someone’s account. Using recycled or weak passwords makes it even easier for hackers.
5. MGM Resorts Lost $100 Million to Hackers in Ransomware Attack
The MGM group lost $100 million to a hacker during a ransomware attack. The incident happened in Las Vegas, where the company owns several casinos.
Two of them – Mandalay Bay and Bellagio – were hacked in September, after which the company had to shut down a number of its services to minimize the risk of exposing customer information.
Unfortunately, the impact of the hacked systems spread beyond the casinos. Many of its hotels were also affected.
Since a large portion of the hotels’ and casinos’ internal network was turned off, employees were locked out of their corporate email accounts for several days. Some customers couldn’t even use their keycards to enter their rooms, and entire sections of MGM slot machines had to be roped off.
Despite these measures, the hackers did manage to access some customer data, such as names, contact details, social security numbers, and driver’s licenses.
No one was officially named, but a group called Scattered Spider, also known as Octo Tempest, unofficially took responsibility for the attack. The group specializes in impersonation.
For this attack, they found one of the employees’ LinkedIn accounts and impersonated them in a call to MGM’s IT help desk to obtain access credentials. Once they had the credentials, infecting the system was a breeze.
According to the Chief Technical Officer at cybersecurity firm Mandiant, this group has been very active and disruptive recently. And although the ransomware used to attack the company was relatively new, it had already affected 100+ organizations.
6. Boeing’s Major Data Leak by Russian-Affiliated Group
In November 2023, the LockBit ransomware gang attacked aerospace company Boeing. A listing (which has now been removed) on the gang’s leak site threatened that they would publish all the stolen data on this site if the company didn’t meet their demands.
Almost 45 GB of data was stolen and published. It mainly consisted of email backups, Citrix logs, provisioning services, security controls, and audits.
The company was adamant about not giving in to their demands despite being given a deadline and a sample leak of 4 GB of data. Since they refused to pay the ransom, on November 10, the hackers published the stolen data online.
Boeing assured the public that the data breach did not affect flight safety.
This is an interesting case because Boeing was incredibly secretive about the crisis. They made very few statements about how the attackers broke into their system and the extent of the damage.
They seemed to only want to collaborate with law enforcement authorities during that time to handle the issue.
This was also not the first attack helmed by LockBit in the USA. From 2020 to the time of the attack on Boeing, the group had managed to extort $91 million in ransom.
7. Johnson Controls Ransomware Attack
Johnson Controls is a globally renowned smart building technology company that the Dark Angels hacking group attacked in September 2023. The extent of the attack and damage shook the industry.
The attack’s initial source was found to be spear-phishing emails that helped the hackers steal credentials and gain access to Johnson Controls’ internal servers. Once inside, they escalated privileges and introduced ransomware in the company’s internal infrastructure.
They encrypted a staggering amount of data, 27 TB to be precise, and demanded a ransom of $51 million in exchange for a decrypter to unlock the data and delete all the stolen files.
Although the company was quick to take action and immediately activated its incident response plan, the attack was too damaging and ended up crippling its day-to-day operations.
The bigger concern was that it put extremely sensitive information about the Department of Homeland Security (DHS) at risk, as it was a client of Johnson Controls at the time.
An update at the beginning of March 2024 stated that the company had refused to pay the ransom. Hence, not only did it lose data due to the theft, but it also cost the company a hefty $27 million. This amount consisted of lost and deferred revenues and expenses to restore its infrastructure.
The company also expects more expenses throughout 2024, or at least in the first half of the year. These are to cover third-party charges such as hiring IT and forensic experts and other professional services to mitigate the risk.
It also anticipates incremental operating expenses due to the disruption of its previous systems.
How To Stay Safe From Cyberattacks
Businesses are doing their best to protect their customers from cyberattacks. Sadly, hackers are just as good and constantly develop new ways of compromising devices and networks.
Instead of solely relying on your service provider, here are some tips to help you stay safe from cyberattacks.
1. Create Strong Passwords
We cannot emphasize this enough: a strong password can go a long way in protecting you from cyberattacks.
Try to make your passwords longer and harder to guess. For example, don’t make them a sequence (like 123456789).
That’s because when hackers try to break into a device, they usually use a brute-force attack. It’s a trial-and-error method that uses different possible combinations to see if they fit your account.
You can use online tools to check the strength of your passwords, preventing you from using something as simple as your name and birthday. These details can be easily stolen, even from your social media account. From there, it’s a cakewalk to hack your account.
We recommend using one of the best password managers, which will not only suggest strong passwords for your accounts but also save them for you.
They prompt you if your password is weak and employ encryption techniques to keep your passwords safe.
Here’s a list of common passwords that you should absolutely avoid:
- 1234567
- QWERTY
- Password
- Abcdef
- 111111
- 123123
Also, make sure you have separate passwords for every account. This way, even if one of your passwords is compromised, it can’t be used to break into the rest of your online accounts.
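To show why reused passwords matter, here is an added example (not from the original article) of how a defender can tell the two attack styles mentioned above apart in login records: brute force piles many guesses onto one account, while credential stuffing tries leaked username and password pairs once each across many accounts. The log entries, thresholds, and function names are constructed for illustration.

```python
from collections import Counter, defaultdict

# Constructed sample events (not real data): (source_ip, username, login_succeeded).
# The IP addresses come from ranges reserved for documentation.
SAMPLE_EVENTS = (
    # One source hammering a single account with many guesses.
    [("203.0.113.10", "alice", False)] * 12
    # One source trying a single leaked password per account, across many accounts.
    + [("198.51.100.7", f"user{i}", False) for i in range(20)]
    + [("198.51.100.7", "user20", True)]  # a reused password finally works
    # An ordinary user who mistyped a password twice.
    + [("192.0.2.44", "bob", False)] * 2
    + [("192.0.2.44", "bob", True)]
)


def classify_sources(events, min_failures=10, spread_ratio=0.8):
    """Label each source IP by the shape of its failed logins.

    normal:              fewer than min_failures failed logins
    credential_stuffing: failures spread thinly over many accounts
    brute_force:         failures concentrated on one or a few accounts
    The thresholds are illustrative assumptions; tune them on real traffic.
    """
    failures = defaultdict(Counter)  # ip -> Counter(username -> failed attempts)
    for ip, user, ok in events:
        per_user = failures[ip]  # creates an entry even for clean sources
        if not ok:
            per_user[user] += 1

    labels = {}
    for ip, per_user in failures.items():
        total = sum(per_user.values())
        if total < min_failures:
            labels[ip] = "normal"
        elif len(per_user) / total >= spread_ratio:
            # Nearly every failure hit a different account.
            labels[ip] = "credential_stuffing"
        else:
            labels[ip] = "brute_force"
    return labels


def accounts_to_reset(events, labels):
    """Accounts that logged in successfully from a source labelled as an attack."""
    return sorted({user for ip, user, ok in events
                   if ok and labels.get(ip, "normal") != "normal"})


if __name__ == "__main__":
    found = classify_sources(SAMPLE_EVENTS)
    for ip, label in sorted(found.items()):
        print(ip, label)
    print("force password reset for:", accounts_to_reset(SAMPLE_EVENTS, found))
```

The one account that falls in the stuffing run is the one whose password was reused from elsewhere, which is exactly the case a separate password per account prevents.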
2. Secure Your Device For The Worst-Case Scenario
Data thefts don’t always happen online. Sometimes, you might lose or misplace your device, or it may get stolen. In any of these cases, the perpetrators have physical access to your device, making it all the more easy for them to steal your information.
Make sure you have a strong password, preferably a biometric lock. Also, as an extra layer of protection, you can add individual app locks.
As soon as you realize your phone is missing, use another device and select the ‘log out of all devices’ option. Also, change your passwords to all accounts immediately.
Disable the automatic Bluetooth connection and password-protect your device for downloading new apps.
If your device supports it, use the remote lock or wipe feature. These features let you remotely lock your device or send a command to erase data if it’s stolen.
3. Don’t Trust Anyone You Don’t Know
Spam emails and social media messages remain one of the most common hacking techniques.
In the past, it was easier to spot phishing emails due to grammatical errors. However, with the advent of AI tools, these emails are free of mistakes, making them harder to identify.
If you see an email from someone you don’t know, don’t click on any links or download any attachments. No matter how convincing the message is, it could be a trap that would give the hackers complete access and control over your device.
4. Always Keep Your Device & All Other Software Updated
Cyberattacks happen when hackers discover a vulnerability in an app and exploit it to their benefit. However, your service providers are working hard to provide you with a safe environment.
That’s why you’ll often notice new app updates on the app store or a reminder from your mobile manufacturer to update your device.
All these updates come with new patches that fix the vulnerability, thus blocking the path that could have given these malicious actors access to your device.
5. Install a Reliable Antivirus
Primary precautions, like those just discussed, often fall short in the face of advanced hackers. That’s why we recommend installing an antivirus. Most of the best antivirus providers offer real-time protection, ensuring you’re always protected.
An antivirus will also check everything you download before it enters your device and alert you the second it detects a suspicious file or app.
We also recommend backing up your data. This way, if you face a cyberattack, you still have a copy of it.
6. Keep Your Wi-Fi Secure
We all use Wi-Fi these days, as perpetual connectivity has become the norm. All our devices, whether at home or the office, are connected to Wi-Fi, making them all the more vulnerable to attack.
If a hacker manages to break into a Wi-Fi network, they’ll have easy access to any device that connects to it. Similarly, if an infected device connects to your Wi-Fi, your device is also at risk of exploitation.
So, it’s best to keep your Wi-Fi password protected. Make sure you enable network encryption, disable showing your network name in the list of available networks, and keep the software up to date.
If you’re on a public Wi-Fi network, such as at a school, office, hospital, or airport, we recommend using one of the best VPNs to encrypt your internet traffic and spoof your IP address.
This hides you on the internet and makes it impossible for hackers, internet service providers, and even government authorities to track you.
The Most Secure Devices Against Cyberattacks
The first thing you need to understand is that no device is invincible. Regardless of its security claims, any device can fall victim to a cyberattack.
However, depending on the security protocols they employ, some devices are more secure than others. Here are three things you need to keep in mind while selecting a secure device.
1. Mobile Phones vs PCs
Mobile devices, even Androids, are more secure than personal computers. That’s because you usually download apps onto your phone through a secure app store where every new app is vetted before being added.
However, on a PC, you can easily accidentally download a malicious third-party app from the browser.
The apps on your mobile devices are usually sandboxed. They are isolated from the other app resources. So even if one of the apps is infected, there’s no risk of cross-contamination.
But it’s not the same for PC apps. Unless you install an antivirus and manually quarantine the infected app, it will spread across the system.
2. Apple Devices vs Android
Apple devices are considered more secure than Androids. That’s because they have a built-in encryption system that protects your data even if your phone’s main processor is compromised.
The Apple App Store also has more stringent policies than the Google Play Store. Each available app is thoroughly vetted before being added, and even after that, its actions are continuously monitored.
Since 85% of all devices are Android, hackers target these devices more than Apple for maximum disruption.
Apple devices also have a superior facial recognition system and cannot be fooled by a photo of the device owner.
Keep in mind that these security measures only apply to phones that haven’t been jailbroken or modified. Tampering with a phone’s original configuration makes it more vulnerable to attack.
3. Google Pixels Are Upping the Ante
Although Android devices are considered less secure than iPhones, Google Pixel seems to be changing that narrative.
For instance, they contain the Titan M security chip, which protects your personal data and keeps hackers away. The chip adds an extra layer of protection beyond Android’s default security measures.
Google Pixel regularly releases security updates, increasing the likelihood that any vulnerability is patched before hackers can find out about it.
What’s more, you can decide which apps can collect your personal information from the app settings. This way, you can fearlessly download as many apps as you want (even if you don’t know whether they’re safe). If they can’t access your data, the threat actors can’t hack your device through them.
Key Takeaways
Cyberattacks have existed ever since technology became available to the masses and will continue to exist. Currently, there’s no way to completely eradicate the threat.
However, the examples of the major data breaches we’ve discussed provide valuable insights into what went wrong and what steps we can take to develop better defenses in the future.
Choosing the right device and a secure network provider is very important. Still, don’t completely rely on them to keep your data safe. Always use a strong and unique password that’s difficult to guess so there’s no vulnerability from your side.
Resources
- Addressing Data Security Concerns (23andMe)
- Public notification of cyber-attack on Electoral Commission systems (Electoral Commission)
- City of Oakland Restores and Recovers Systems Affected by Ransomware Attack (City of Oakland)
- T-Mobile Informing Impacted Customers about Unauthorized Activity (T-Mobile)
Krishi Chowdhary, Journalist
© Copyright 2024 The Tech Report Inc. All Rights Reserved.