This countdown of the most insidious cyber attacks of 2023 covers incidents whose true cost is hard to quantify but all too real. Beyond the headline-grabbing figures of fines and stolen records, these cases show how unpredictable the threat landscape has become, in line with the latest Gartner trends report, and why heightened vigilance in the digital domain matters.
10. LCBO
In January, the Liquor Control Board of Ontario (LCBO), which sells alcohol online across Ontario, was hit by a web skimmer. The company acted swiftly, taking its website offline and warning customers that their payment details may have been stolen. The damage was limited, but we think the incident is worth spotlighting because of the danger it highlights.
The attackers were able to inject malicious code through a Google Tag Manager snippet, so the skimmer was served from Google’s infrastructure for free and blended in with legitimate tag traffic, which helped it avoid detection. Tags measure website metrics and a tag manager…well, manages them: whoever can edit the container can make the page load whatever script they choose, from an origin that most allowlists trust. This emphasizes the need to be vigilant even with trusted services. Bad actors aren’t shy about taking a Trojan-horse approach to infiltrating systems when it suits them.
9. iOttie
One company that could have benefited from our solution earlier in the year is iOttie, which makes mobile phone mounts and accessories. Between April and June, a skimmer on its shopping site stole customers’ personal and financial information. This was a Magecart-type attack: malicious JavaScript inserted into the company’s website harvested customer data as shoppers typed it into the checkout page. The code was removed after a WordPress/plugin update, but by then the damage was done.
iOttie has told its customers to monitor their credit card statements and bank accounts for suspicious activity, because the stolen data is likely to be sold to fraudsters on the dark web who will then use it against them. Magecart-type web skimming is an ongoing problem, and this case underlines the continuing need for a security solution that is just as persistent.
8. Shields – Healthcare Provider
Shields Healthcare Group suffered a data breach perpetrated by a single attacker in March 2022, but did not tell affected patients until June. HIPAA requires affected individuals to be notified within 60 days of a breach being discovered, so this delay could expose the company to penalties. In any case, Shields will likely now face a class action over the PII stolen from 2.3 million patients. The suit claims that the company not only dragged its heels in responding to the attack but was also “vague and evasive,” leaving victims anxious and at a heightened and imminent risk of identity theft.
Inadequate security doesn’t just expose a business to fines. It also opens it up to legal action and dents its reputation further. The big danger here, in case you were wondering, is complacency!
7. Jimbos Protocol – Decentralized Finance Platform
Given that the finance industry routinely moves large sums of money, it is no surprise that online finance platforms remain prime targets for cyber attackers. In May 2023, attackers exploited a logic flaw in the Jimbos Protocol to manipulate the prices at which the platform converted between tokens. This allowed them to make off with an estimated 4,090 ETH, worth about $7.5 million at the time. The platform’s native token, Jimbo, lost 40% of its value because of this breach, which just goes to show that attackers will explore every avenue in their search for new ways to defraud online service providers.
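The mechanics behind a price-manipulation attack of this kind, as an added example that is not the Jimbos Protocol contract code and is simplified (fees omitted, numbers constructed): a toy constant-product pool, a rebalancing routine that trusts the pool’s instantaneous spot price, and a hardened version that refuses to act when the price has moved too far from a reference recorded earlier. The attacker’s capital is assumed to be flash-loaned; in the real world the protocol would read the reference from a time-weighted average rather than a single earlier snapshot.

```javascript
// Added example, not Jimbos Protocol code: a toy constant-product pool
// (x * y = k, fees omitted) showing why a contract that acts on the pool's
// instantaneous spot price can be steered by whoever trades just before it,
// and a deviation check that refuses to act on a moved price. All numbers
// are constructed.

class ConstantProductPool {
  constructor(tokenReserve, ethReserve) {
    this.x = tokenReserve; // token reserve
    this.y = ethReserve;   // ETH reserve
  }
  // Instantaneous price in ETH per token, as a naive consumer would read it.
  spotPrice() {
    return this.y / this.x;
  }
  // Sell ETH for tokens; keeps x * y constant.
  swapEthForToken(ethIn) {
    const k = this.x * this.y;
    const newY = this.y + ethIn;
    const newX = k / newY;
    const tokensOut = this.x - newX;
    this.x = newX;
    this.y = newY;
    return tokensOut;
  }
  // Sell tokens for ETH; keeps x * y constant.
  swapTokenForEth(tokenIn) {
    const k = this.x * this.y;
    const newX = this.x + tokenIn;
    const newY = k / newX;
    const ethOut = this.y - newY;
    this.x = newX;
    this.y = newY;
    return ethOut;
  }
  // Deposit ETH plus tokens at the pool's current ratio; returns tokens taken.
  addLiquidity(ethAmount) {
    const tokens = (ethAmount * this.x) / this.y;
    this.x += tokens;
    this.y += ethAmount;
    return tokens;
  }
}

// Vulnerable pattern: deposit treasury funds at whatever ratio the pool shows
// right now, trusting that the spot price is honest.
function rebalanceNaive(pool, treasury, ethAmount) {
  treasury.eth -= ethAmount;
  treasury.tokens -= pool.addLiquidity(ethAmount);
}

// Hardened pattern: compare the spot price with a reference recorded earlier
// (a time-weighted average would serve in practice) and refuse to act if it
// has moved more than maxDeviation.
function rebalanceGuarded(pool, treasury, ethAmount, referencePrice, maxDeviation = 0.05) {
  const deviation = Math.abs(pool.spotPrice() - referencePrice) / referencePrice;
  if (deviation > maxDeviation) {
    throw new Error(`spot price moved ${(deviation * 100).toFixed(0)}% from reference; refusing to rebalance`);
  }
  rebalanceNaive(pool, treasury, ethAmount);
}

// Attacker sandwiches the protocol's rebalance: push the price up, let the
// protocol deposit at the skewed ratio, then sell back into the deeper pool.
// Returns the attacker's ETH profit and whether the rebalance went through.
function runScenario(rebalance) {
  const pool = new ConstantProductPool(1_000_000, 1_000);   // 0.001 ETH per token
  const referencePrice = pool.spotPrice();                  // recorded before the attack
  const treasury = { eth: 100, tokens: 50_000 };
  const attacker = { eth: 1_000, tokens: 0 };               // e.g. flash-loaned capital

  attacker.tokens += pool.swapEthForToken(attacker.eth);    // 1. spot price now x4
  attacker.eth = 0;

  let rebalanced = true;                                    // 2. protocol acts on the moved price
  try {
    rebalance(pool, treasury, 100, referencePrice);
  } catch (err) {
    rebalanced = false;
  }

  attacker.eth += pool.swapTokenForEth(attacker.tokens);    // 3. unwind
  attacker.tokens = 0;
  return { attackerProfit: attacker.eth - 1_000, rebalanced, treasury };
}

console.log("naive  :", runScenario(rebalanceNaive));
console.log("guarded:", runScenario(rebalanceGuarded));
```

With the naive rebalance the attacker’s round trip nets roughly 24 ETH, paid for entirely by the treasury deposit that went in at the skewed ratio; with the guarded rebalance the deposit is refused and the round trip returns exactly the capital the attacker started with (a loss once fees are included). The check is only as good as the reference price, which is why production contracts use a manipulation-resistant oracle rather than the pool’s own spot quote.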
6. Latitude Financial
This personal finance provider, based in Australia and New Zealand, is well known for offering zero-interest credit cards and buy-now-pay-later schemes to customers of large retailers. After being hacked in March it disclosed that 330,000 customer records had been stolen, then revised that figure to 14 million, which is troubling because it suggests Latitude was initially unaware of the scale of the attack. It has since refused to pay the attackers’ ransom demand, so the customer records, which include 7.9 million driver’s licence numbers, could end up for sale on the dark web.
The attack is thought to have come through a third-party vendor, DXC Technology, which Latitude used for credit-checking services: someone used DXC credentials to log in and steal the data. But it is Latitude that bears final responsibility for this breach, and Latitude that may now face class-action lawsuits from millions of claimants.
5. Shopify
Web security company Reflectiz revealed in June that it had discovered an active and ongoing web-skimming campaign that uses compromised websites to target Shopify and other e-commerce stores. There is no headline-grabbing figure with this story, but it reveals an unsettling trend you should be aware of. Attackers are infiltrating small and medium-sized retail websites and using them as storage for their malicious code. When they attack an e-commerce site, they inject a small loader that calls back to one of these trusted sites for the full skimmer payload, which is then used to skim customers’ card details. Because the payload is hosted on an established, legitimate domain, reputation-based blocking is less likely to catch it.
Reflectiz recently thwarted similarly sophisticated Magecart attacks that used fake Shopify shops and trusted content delivery networks. You can download the case study here to learn how our remote sandbox solution stopped this novel threat from becoming yet another cybercrime news story.
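The common thread in the LCBO, iOttie and Shopify stories above is a checkout page loading script from, or sending data to, an origin the site owner never intended. The following is an added example, not Reflectiz code and not taken from any of those incidents: it audits the origins observed during a checkout page load against an explicit allowlist, the same decision a browser makes when enforcing a Content-Security-Policy header, and renders that allowlist as a deployable header. All hostnames and the `OBSERVED` request list are constructed for illustration.

```javascript
// Added example, not Reflectiz code and not taken from any of the incidents
// above: audit the origins a checkout page loads scripts from and sends data
// to against an explicit allowlist, which is the same decision a browser makes
// when enforcing Content-Security-Policy. All hostnames are constructed.

const SITE_ORIGIN = "https://shop.example";

// One entry per CSP directive; 'self' means the page's own origin.
const POLICY = {
  scriptOrigins: new Set(["'self'", "https://www.googletagmanager.com"]), // script-src
  connectOrigins: new Set(["'self'", "https://api.payments.example"]),    // connect-src
  formActionOrigins: new Set(["'self'"]),                                  // form-action
};

// Which policy entry governs each kind of observed request.
const DIRECTIVE_FOR = { script: "scriptOrigins", connect: "connectOrigins", form: "formActionOrigins" };

// Reduce a URL to scheme://host[:port], the granularity CSP source lists match on.
function originOf(url) {
  const u = new URL(url);
  return `${u.protocol}//${u.host}`;
}

// Render the allowlist as a Content-Security-Policy header value.
function buildCspHeader(policy) {
  const list = (set) => [...set].join(" ");
  return [
    `script-src ${list(policy.scriptOrigins)}`,
    `connect-src ${list(policy.connectOrigins)}`,
    `form-action ${list(policy.formActionOrigins)}`,
  ].join("; ");
}

// Return the observed requests the policy would block. `observed` is a list
// of {type, url} records of the kind a devtools HAR export or a synthetic
// checkout run produces.
function findViolations(observed, policy, siteOrigin) {
  const violations = [];
  for (const req of observed) {
    const key = DIRECTIVE_FOR[req.type];
    const allowed = policy[key];
    const o = originOf(req.url);
    const permitted = allowed.has(o) || (allowed.has("'self'") && o === siteOrigin);
    if (!permitted) violations.push({ ...req, origin: o, directive: key });
  }
  return violations;
}

// Constructed observation of one checkout page load. The loader fetched from
// cdn-assets.smallshop.example stands in for a payload parked on a
// compromised legitimate site; the beacon to collect.stats-cdn.example is
// the skimmer exfiltrating card data in a query string.
const OBSERVED = [
  { type: "script", url: "https://shop.example/js/checkout.js" },
  { type: "script", url: "https://www.googletagmanager.com/gtm.js?id=GTM-XXXXXXX" },
  { type: "script", url: "https://cdn-assets.smallshop.example/jquery-ui.min.js" },
  { type: "connect", url: "https://api.payments.example/v1/tokenize" },
  { type: "connect", url: "https://collect.stats-cdn.example/pixel.gif?d=eyJjYyI6Ii4uLiJ9" },
  { type: "form", url: "https://shop.example/checkout/confirm" },
];

const found = findViolations(OBSERVED, POLICY, SITE_ORIGIN);
console.log(buildCspHeader(POLICY));
for (const v of found) console.log(`blocked by ${v.directive}: ${v.url}`);
```

Ship the header and the browser does the blocking for every visitor; add a `report-to` directive and you also get told about attempts. The caveat the LCBO case makes plain: the Google Tag Manager origin is on the allowlist, so code injected into the container passes `script-src` unchallenged, and a skimmer that exfiltrates through a Google endpoint passes `connect-src` too. An origin allowlist narrows the exfiltration paths; it does not tell you what the allowed scripts actually do once they run, which is where behavioural monitoring of the page comes in.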
4. PayPal
PayPal disclosed in January that attackers had gained access to the personal data of just under 35,000 users. The numbers are modest, but we count this as a dangerous incident because of what it reveals about human nature. Criminals often exploit human frailty, and in this case they used a technique called credential stuffing to do it.
It starts with credentials stolen from other websites, whether through an earlier breach or simply bought by the thousand on the dark web. The attacker then tries those username and password pairs against the target site, usually with automated tooling. Some attempts succeed because many people still haven’t got the message about never reusing passwords. Every password should be unique to the site it protects (and multi-factor authentication stops most of these attacks even when a password has leaked), yet around 35,000 PayPal accounts were protected by passwords reused elsewhere. That gave the attackers two full days, from 6 to 8 December 2022, to grab the victims’ names and addresses, dates of birth, and Social Security numbers from PayPal, all of which can be used to defraud them in the future.
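What credential stuffing looks like in an authentication log, and why the usual per-account lockout does not see it, as an added example that is not PayPal’s detection logic and not Reflectiz code. The log lines are constructed, the line format (`<ISO timestamp> <client IP> <account> <OK|FAIL>`) is assumed, and the thresholds are illustrative.

```javascript
// Added example, not PayPal's detection logic and not Reflectiz code: flag
// credential stuffing in an authentication log and show why per-account
// lockouts miss it. Log lines are constructed; the format assumed here is
// "<ISO timestamp> <client IP> <account> <OK|FAIL>", one event per line.
const AUTH_LOG = `
2023-12-06T08:00:01Z 198.51.100.7 alice@example.com FAIL
2023-12-06T08:00:09Z 198.51.100.7 alice@example.com OK
2023-12-06T08:01:00Z 203.0.113.5 bob@example.com FAIL
2023-12-06T08:01:01Z 203.0.113.5 carol@example.com FAIL
2023-12-06T08:01:02Z 203.0.113.5 dave@example.com OK
2023-12-06T08:01:03Z 203.0.113.5 erin@example.com FAIL
2023-12-06T08:01:04Z 203.0.113.5 frank@example.com FAIL
2023-12-06T08:01:05Z 203.0.113.5 grace@example.com FAIL
2023-12-06T08:01:06Z 203.0.113.5 heidi@example.com FAIL
2023-12-06T08:01:07Z 203.0.113.5 ivan@example.com OK
2023-12-06T08:30:00Z 192.0.2.44 bob@example.com OK
`;

// Parse the log into {ts (ms since epoch), ip, account, ok} records.
function parseAuthLog(text) {
  return text.trim().split("\n").map((line) => {
    const [ts, ip, account, result] = line.trim().split(/\s+/);
    return { ts: Date.parse(ts), ip, account, ok: result === "OK" };
  });
}

// What a per-account lockout sees: failed attempts per account.
function failuresPerAccount(events) {
  const counts = new Map();
  for (const e of events) {
    if (!e.ok) counts.set(e.account, (counts.get(e.account) || 0) + 1);
  }
  return counts;
}

// What stuffing actually looks like: one source trying many distinct accounts
// in a short window with a high failure rate. Returns one alert per source,
// listing the accounts it logged into successfully (likely takeovers).
function detectStuffing(events, { windowMs = 10 * 60 * 1000, minAccounts = 5, minFailRatio = 0.5 } = {}) {
  const bySource = new Map();
  for (const e of events) {
    if (!bySource.has(e.ip)) bySource.set(e.ip, []);
    bySource.get(e.ip).push(e);
  }
  const alerts = [];
  for (const [ip, evs] of bySource) {
    evs.sort((a, b) => a.ts - b.ts);
    let start = 0;
    for (let end = 0; end < evs.length; end++) {
      while (evs[end].ts - evs[start].ts > windowMs) start++;   // slide the window
      const win = evs.slice(start, end + 1);
      const accounts = new Set(win.map((e) => e.account));
      const failures = win.filter((e) => !e.ok).length;
      if (accounts.size < minAccounts || failures / win.length < minFailRatio) continue;
      // Threshold crossed: report everything from this source inside the window.
      let last = end;
      while (last + 1 < evs.length && evs[last + 1].ts - evs[start].ts <= windowMs) last++;
      const full = evs.slice(start, last + 1);
      alerts.push({
        ip,
        attempts: full.length,
        accounts: new Set(full.map((e) => e.account)).size,
        failures: full.filter((e) => !e.ok).length,
        compromised: full.filter((e) => e.ok).map((e) => e.account),
      });
      break;
    }
  }
  return alerts;
}

const events = parseAuthLog(AUTH_LOG);
console.log("max failures on any single account:", Math.max(...failuresPerAccount(events).values()));
console.log(detectStuffing(events));
```

In the constructed log no account ever fails more than once, so a “lock after five failures” rule never fires, while the per-source view flags 203.0.113.5 immediately and names the two accounts it got into. Real stuffing is spread across many source addresses, so production detection correlates on more than the IP (ASN, client fingerprint, timing), and the controls that actually close the door are multi-factor authentication and rejecting passwords that appear in known breach sets.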
3. 14 US Hospitals
Most cyber-attacks are carried out purely for financial gain (ransomware alone has cost the healthcare sector an estimated $77.5 billion since 2016), but for some the motive is to score political points. The pro-Russian hacktivist group Killnet is known for attacking vocal opponents of Russia’s invasion of Ukraine, and in this case it targeted 14 US hospitals with DDoS attacks in retaliation for US opposition to the so-called ‘special military operation.’
A DDoS attack bombards a website with far more simultaneous requests, from many sources at once, than it can serve, until it slows to a crawl, crashes, or simply becomes unusable. Killnet’s attack meant users lost access to electronic health records and IT services across various medical facilities, including Stanford University Hospital.
This may look like politically motivated vandalism, but several security agencies have warned that DDoS attacks are also used as a smokescreen for ransomware and other intrusions, so those remain a risk. The main takeaway is that many bad actors oppose many nations on political, ideological, or religious grounds, and some of them now have the backing of hostile nation-states with deep resources, such as North Korea, Iran, Russia, and China.
2. Indian Council of Medical Research
In October the ICMR (Indian Council of Medical Research) suffered a breach of its COVID-testing database that exposed personal data from 815 million patient records. Security company Resecurity spotted victims’ names, addresses, passport numbers, and government ID numbers listed for sale on the dark web.
The staggering number of compromised records highlights the risk of concentrating so much sensitive information in one place and then leaving the door open.
1. Cloudflare
Cloudflare is the biggest content delivery network (CDN) by number of users, fronting 7.59 million active websites for 4.1 million customers, which is why attacks on it can be so far-reaching. Its worldwide server network sits between a website’s origin server and its visitors to make the site faster, safer, and more reliable.
In February, Cloudflare absorbed an unprecedented HTTP DDoS attack that peaked at 71 million requests per second, the largest ever recorded at the time. It targeted gaming platforms, cryptocurrency companies, and hosting providers, among others. Cloudflare successfully repelled it, but bear in mind that between them the top three CDN providers serve 89% of all CDN customers. It doesn’t seem too outlandish to suggest that a successful attack against them could take much of the web offline and hold it to ransom.
As we reflect on the alarming incidents of 2023, it is evident that cyber threats continue to grow in complexity and scale. From stealthy web-skimming attacks that exploit trusted services to massive DDoS assaults on key infrastructure, the landscape demands constant adaptation and robust security measures. In light of these and many other threats, always invest in the best protection. Make your website safer today with Reflectiz.