2023 Top 10 Cyberattacks

Some of the biggest and most devastating cyberattacks on record happened in 2023. The intrusions into the most sensitive and vital information and data of companies and governments anticipate a new year of increased ransomware, malware, phishing, and other cyberattacks. MSPs and cybersecurity providers must step up their game to protect their clients, including themselves, from the endpoint and beyond. Here are the top ten cyberattacks that occurred in 2023.

1. Ransomware Attack on Johnson Controls – A technology company, Johnson Controls, that specializes in smart and sustainable buildings and spaces, received a $51 million ransomware demand in late September from the Dark Angels breaching group to deliver a decryptor and destroy stolen data. The digital threat operators claim to have stolen approximately 27 terabytes of data and encrypted the company’s ESXi servers in the ransomware attack. The theft was particularly concerning since it could have included critical Department of Homeland Security (DHS) data revealing security details on third-party contracts and physical floor layouts of specific agency sites.
2. Data Stolen from MGM Customers – In September, threat operators gained access to personally identifiable information for approximately 10.6 million MGM Resorts customers. It resulted in a $100 million hit to MGM’s financial report in the 3^rd quarter, but the company expected its cyber insurance to cover the cost. MGM declined to pay the threat operators’ ransom demand. However, Caesars Entertainment was targeted by a ransomware attack and is thought to have paid almost half of the $30 million the threat operators demanded to prevent the stolen data from being disclosed.
3. Supply Chain Attack on Dollar Tree – In August, a supply chain attack affected discount retailer Dollar Tree, compromising the personal information of about 2 million consumers following a digital break-in of Zeroed-In Technologies, a third-party service provider. Dollar Tree, which owns around 16,000 namesake and Family Dollar stores in North America, was targeted in a manner comparable to the major 2020 Russian-backed attack on SolarWinds.
4. Australian Port Operations Disabled – Cyberattacks on key infrastructure reached their height in November, when DP World Australia’s operations were disrupted, forcing the port operator to shut down four main terminals. The attack, which impacted ports in Sydney, Melbourne, Brisbane, and Fremantle, halted the flow of around 30,000 shipping containers when stockpiling eventually exceeded available storage capacity. The breach followed a cyberattack on China’s Industrial and Commercial Bank of China.
5. Russian-Ukrainian Cyberwar – Wars today are fought on land, sea, air, and cyberspace, as seen by the Russia-Ukraine War. To confront its Russian cyber foes, the Ukrainian National Center for Cybersecurity Coordination and IP3 International, an energy security company, announced the establishment of Ukraine’s Collective Defense AI Fusion Center (CDAIC) in October. The CDAIC encouraged Ukraine and its allies to work together to prevent cyberattacks. Russian threat operators breached Ukrainian telecommunications Kyivstar’s system since at least May 2023.
6. Largest Cyberattack in Internet History – Rapid Reset – Cloudflare assisted in identifying and addressing a global zero-day security vulnerability that allowed threat operators to launch attacks on a scale unprecedented on the Internet. Cloudflare created technology that automatically stopped any attacks that exploited the vulnerability and discovered the vulnerability, HTTP/2 Rapid Reset, in August 2023. It was created by an unknown threat actor and exploited the standard HTTP/2 protocol, which is required for the operation of the internet and most websites. Cloudflare faced a Rapid Reset attack and adopted an “assume-breach” approach, collaborating with industry partners to determine the best strategy to neutralize the attack.
7. S. Government Sites Breached by Chinese Threat Operators – In July, Chinese threat operators secretly accessed email accounts at over two dozen organizations since May, including the United States State and Commerce departments. The cyber crew compromised approximately 25 companies and related consumer accounts of individuals associated with the agencies. Secretary of Commerce Gina Raimondo’s email account was among those compromised.
8. Cl0p Russian Ransomware Attacks – Numerous U.S. government agencies were targeted by the same Cl0p Russian ransomware group that carried out the MoveIT operation, once again using the massive file transfer system to get access to information and documents. The United States Department of Energy confirmed that it was among those affected. The attack followed Cl0p’s attacks on computer networks in the states of Illinois and Minnesota, the British Broadcasting Company (BBC), British Airways, Canada’s Nova Scotia province, Shell Oil, a retail chain in the United Kingdom, and Walgreen’s pharmacy, among other institutions.
9. Data Leaks from Dish Network – Dish Network, a satellite provider, disclosed in an 8-K Securities and Exchange filing dated February 28, 2023, that it had experienced the exfiltration of certain but unspecified data. Dish Network shut down its internal communications, customer call centers, and websites. Dish didn’t provide any information regarding which cyber crew may have been behind the attack, if a ransom note was left, how much was demanded and if the company paid the ransom.
10. Cyberattack on T-Mobile Impacted 37 Million – T-Mobile, a U.S. mobile company, announced a cyberattack in January and confirmed that 37 million users were affected by the data breach. T-Mobile reported that no passwords, credit card information, Social Security numbers, government ID numbers, or other financial account information had been compromised. The company stated that some basic customer information was collected, practically all of which is commonly found in marketing databases or directories. The information includes the name, billing address, email, phone number, date of birth, account number, and details on the number of lines on the account and service plan features.

These cyberattacks in 2023 are a major reminder that companies need to remain alert to the latest threat landscape and regularly update their data networks’ security infrastructure. At SpearTip, our Security Operations Center remains staffed 24/7/365, working in a continuous investigative cycle to respond to unwarranted intrusions at a moment’s notice. Within minutes of engagement, SpearTip can respond to the breach and reclaim networks within hours. Then, we deliver a detailed report for comprehensive understanding. SpearTip’s engineers and analysts within our 24/7/365 Security Operations Center utilize the ShadowSpear Platform to respond to active threats by continuously monitoring your environment. The SOC is built to relieve the burden of cybersecurity from your team by acting and informing your organization. Our Advisory Services are your solution to safeguard and counter complex cyber threats. Our team is equipped to address security issues, including ransomware, business email compromise, and insider threats. By identifying weak points in your system and addressing them, we continually work towards improving your security posture. SpearTip’s service offerings were created with client journeys in mind. Whether your organization has never utilized any cybersecurity services, or you’re the most thorough organization in the world, we have solutions to meet your specific needs.

If your company is experiencing a breach, call our Security Operations Center at 833.997.7327 to speak directly with an engineer.