Cybersecurity year-end review: Two attacks that helped make 2023 the worst on record

No one is immune in this record-breaking time of cyberattacks. Read on to learn about some of 2023’s most notable data breaches, and the tools you need to safeguard your organization.

In an article from Cybersecurity Ventures, author Steve Morgan made a striking comparison that illustrates how prevalent cybercrime has become. Specifically, if cybercrime were a country, it would be the third-largest economy on earth.

Let that sink in.

This has indeed been a disastrous year for cyberattacks. The number of U.S. data compromises reported in the first three quarters of 2023 already exceed 2021’s previous record-breaking number – 2,116 incidents compared to 1,862. And that’s without including the year’s last three months of data.

Now, we can’t – and wouldn’t – dive into each and every one of those attacks. Candidly, it would be close to impossible. So here, we’ll focus on two widely publicized attacks, break down what we know, and discuss the types of tools that can help keep your organization safe.

Hackers shut down MGM

No industry is immune to cybercrime, as can be witnessed with the wide range of companies attacked in 2023. One notable example is the recent attack on MGM Resorts.

A Vox article explores how a costly, complicated, and extended cyberattack on MGM Resorts in September can be traced back to a single phone call. That is, if the claims made by the hackers themselves are accurate.

MGM Resorts first alerted customers of a problem in a September tweet announcing the hospitality giant had shut down large segments of their network to protect systems and data from a cybersecurity issue. Subsequent media reports detailed how many of MGM’s everyday technologies like slot machines, computerized check-ins, and digital room keys were no longer working. Casino staff had to shift into “manual mode,” distributing handwritten vouchers when guests won a jackpot. Meanwhile, MGM Resorts kept it brief on social media, announcing that they were staying open as they worked to resolve the issue.

The issue was resolved, MGM claimed, about ten days later. However, on October 5, they announced that hackers had accessed the personal information of an undisclosed number of customers. This data included names, dates of birth, contact information, passports, driver’s licenses, and Social Security numbers. Impacted customers were provided with free credit monitoring services — a costly but necessary response in these cases.

The hackers’ point of entry

So how did a huge hotel and casino chain with high-tech systems and security wind up in this position? The answer: spear phishing, i.e., researching, then contacting individuals to steal credentials through targeted psychological manipulation.

It's believed that a threat group called “Scattered Spider” was behind the MGM data breach, using RAAS (ransomware-as-a-service) tech from dark web provider BlackCat/ALPHV. Scattered Spider, also known as UNC3944 or Roasted 0ktapus, standardly uses spear phishing and social engineering tactics. In the case of MGM Resorts, it seems the threat group gathered information on MGM employees via LinkedIn, then called individuals on the phone, posing as IT help desk staff. The approach of phishing via phone calls is called “vishing.”

Amid continuing question marks, what's certain is the success of the spear vishing approach. Persuasive cybercriminals research and compile publicly available information, then use it to impersonate authorized users and manipulate their way into systems. Without robust identity and access management solutions supported by tools like multifactor authentication, these social engineering techniques can have billion-dollar consequences.

Third-party vendor data breaches

Another major area of concern for organizations is third-party access security. Although essential to doing business in the digital world, use of third parties increases risk to companies and their customers. One example: in May of 2023, it was revealed that data exchanged through MOVEit file transfer software was being illicitly extracted by a ransomware group called Cl0p.

As of November 9, this breach impacted approximately 2,636 organizations and over 89 million individuals. In many cases, the compromised organization did not use the software itself, but rather did business with a third-party vendor that used it. In some cases, the link was even further removed. Some organizations were affected because one of their vendors used a contractor that used a subcontractor that used MOVEit software. This alarming fact highlights how essential advanced third-party access management technology is to most businesses today.

The impact of this breach was so far-reaching that four of the top ten Q3 data compromises of 2023 were related to MOVEit. Even state and federal governments were impacted. The data of six million Louisiana residents was compromised through the state’s Office of Motor Vehicles. U.S. government services contractor Maximus had the highest number of impacted individuals at 11.3 million. Although most organizations breached were in the U.S., organizations in Canada, Germany, and the U.K. were also impacted.

Protecting an ever-growing attack surface

A truly comprehensive roundup of 2023’s cyberattacks can’t really be covered in a single blog post – because, frankly, it would take far too long to read. And that points to the real problem: cybercrime isn't likely to abate any time soon. One major reason for that is the attack surface for these criminals is growing every day:

With numbers like that, it should come as no surprise that 2023 is already the worst year on record for cyberattacks. But that doesn’t mean you can’t be prepared. Because these numbers also make the compelling case for robust identity and access management solutions.

With no signs of cyberattacks slowing down, organizations need to mitigate risk with identity management solutions that revoke, grant, and monitor user access without disrupting workflows or impeding productivity. Also, a combination of AI tools and human oversight should be used to track and analyze data to identify risky activity before it can progress into a major incident.

To discover how Imprivata can help your organization manage digital identities and prevent data breaches, check out our ransomware tech note, Ransomware risk mitigation.