Avoid Data Breaches in 2024: Key Takeaways from Some of 2023’s Biggest Cyberattacks

According to Juniper Research, the cost of data breaches will rise from $3 trillion each year to over $5 trillion in 2024. That’s an average annual growth of 11%.

And as we step into 2024, the digital landscape continues to evolve rapidly, bringing both opportunities and challenges in cybersecurity. This past year, we witnessed some of the most significant cyberattacks in history, offering valuable lessons for all of us as we look to next year and how to prevent similar data breaches.

This article delves into seven major cyber incidents from 2023, extracting critical takeaways to help avoid data breaches and strengthen cybersecurity defenses in the coming years.

Critical Takeaways

1. Royal Mail Ransomware Attack: Demonstrated the need for prioritizing endpoint security and individual employee loginsto mitigate ransomware threats.

2. Okta's Employee Data Breach: Highlighted the importance of separating personal and professional data on work devices to prevent unauthorized access.

3. 23andMe Credential Stuffing Incident: Stressed the significance of unique passwords, multi-factor authentication, and web application protection to defend against credential stuffing attacks.

4. MOVEit File Transfer Tool Breach: Emphasized the necessity of comprehensive security assessments, patch management, strong access controls, and employee training in safeguarding file transfer infrastructures.

5. Discord.io Website Vulnerability: Underlined the importance of robust firewalls, secure password policies, SSL encryption, and diligent admin user scrutiny to protect websites from cyberattacks.

6. Activision Smishing Attack: Showcased the dangers of smishing and the need for caution with text links, regular phone OS updates, and skepticism towards texts requesting personal information.

7. MailChimp's Social Engineering Attacks: Revealed the critical role of vigilance in verifying communication sources, assessing information authenticity, and employing effective spam filters to counter social engineering.

Royal Mail Ransomware Attack

In January 2023, the British postal service company was hit by a ransomware attack that was attributed to a LockBit affiliate. This attack led to significant disruptions in international services. The ransomware actors demanded around $80 million to prevent the release of stolen data. Despite Royal Mail's mature security program, issues like understaffing and lack of experience in system hardening against ransomware threats were evident.

Keys to Prevent:

• Prioritize Endpoint Security: Endpoint security safeguards networks connected to devices like laptops, tablets, and mobile devices. It’s a crucial part of any cybersecurity strategy.

• Separate Personal Accounts for Employees: Each employee should have unique logins for different software and applications. Shared credentials increase security risks. Providing individual logins reduces the attack surface, enhancing security and usability.

Okta Employee Signs into Personal Account on a Company Laptop

In one of the most glaring examples of any organization being vulnerable to a data breach, Okta, a company whose entire business is built around identity management and security, was breached.

The cyberattack on Okta involved unauthorized access to its customer support system. This access was gained through a service account that was stored within the system and had permission to view and update customer support cases.

Okta's investigation revealed that an employee, using an Okta-managed laptop, had logged into their personal Google profile on Chrome. The username and password for the service account were saved in the employee’s personal Google account, which led to the security breach.

Key to Prevent:

• Consider barring employees from accessing personal information on work computers and vice versa.This separation of personal and professional accounts and data can significantly reduce the risk of sensitive information being compromised through personal accounts. Organizations can better secure their critical systems and data by enforcing strict policies that separate personal and work-related activities on company-managed devices.

23andMe Falls Prey to Credential Stuffing

The attack on 23andMe involved credential stuffing, where attackers used pre-collected login credentials from other organizations to access user accounts, leading to potential identity theft and financial fraud. 

Keys to Prevent:

• Use Unique Passwords for Each Service: Encourage users to create unique passwords for every account. This can be managed easily with the help of a password manager or by creating personal "encryption rules" for password generation.

• Implement Web Application and API Protection (WAAP): Invest in a reliable WAAP solution to detect abnormal traffic and suspicious login attempts, which is crucial in defending against automated attacks like credential stuffing.

• Limit Authentication Requests and Set Up Failed Request Alerts: Limit the number of failed login attempts by various criteria (IP address, location, device, timeframe) and alert users of failed attempts. This can slow down attackers and inform users of potential breaches.

• Use Multi-Factor Authentication (MFA): Implement MFA, requiring additional information beyond passwords for login. This could be knowledge-based (security questions), possession-based (one-time codes sent to a phone), or biometric (fingerprint or facial recognition).

• Screen for Leaked Credentials:Use tools to check user credentials against databases of known compromised credentials. Services like HaveIBeenPwned.com can help service providers and end-users identify if their credentials have been part of a data breach. 

File Transfer Tool MoveIt Breach Affected Over 2,000 Organizations 

The attack on MOVEit, a file transfer program used by various organizations, was carried out by a hacker group called CL0P in May 2023. They exploited three vulnerabilities, including a zero-day vulnerability, resulting in escalated privileges and unauthorized data access. Affected entities included the NYC public school system, Sony, British Airways, BBC, and the Ontario Birth Registry.

Keys to Prevent:

• Comprehensive Security Assessments: Regular security assessments and penetration testing should be conducted to identify vulnerabilities in the MFT infrastructure.

• Patch Management and Updates: Implement a robust patch management process to address known vulnerabilities promptly. Ensure all software components are up to date.

• Access Controls and Authentication: Enforce strict access controls and role-based permissions. Implement multi-factor authentication to enhance security.

• Encryption and Security Protocols: Use strong encryption algorithms for data in transit and at rest. Employ secure file-transfer protocols like SFTP or FTPS.

• Employee Awareness and Training: Conduct regular security training for employees and promote a culture of cybersecurity awareness within the organization.

• Backup and Disaster Recovery: Regularly back up critical data and maintain an effective disaster recovery plan for business continuity in case of an attack.

• Managed Detection and Response Service: Implement an MDR service for additional layers of detection, investigation, and response to abnormal activities and attempts at lateral movement.

Discord.io Shuts Down Following Website Vulnerability

The attack against Discord.io, a third-party site that allowed Discord users to create personal invites, occurred on August 14. A hacker exploited a vulnerability in the website's code, gaining access to the company’s database. The hacker downloaded the entire database and subsequently put it up for sale on Breached Forums, a notorious hacking site. Discord.io was forced to shut down all business operations and no longer exists.

Keys to Prevent:

• Install a Good Firewall: A robust firewall acts as the first line of defense against cyber threats, monitoring incoming and outgoing network traffic based on security rules.

• Strong Password Policy and Password Manager: Implement a firm password policy that requires complex passwords. Use a password manager to store and manage these passwords securely.

• Install SSL and Use HTTPS: Secure your website with SSL (Secure Sockets Layer) to encrypt data transferred between the user and the server. Ensure that HTTPS, which uses SSL, is enabled for your website.

• Scrutinize Admin Users Carefully: Admin accounts have extensive access and control. It's crucial to vet individuals who are given admin privileges thoroughly.

• Use an Activity Log: Keep an activity log to monitor and record actions taken on your website. This can help detect unusual activities early and trace actions in case of a breach.

Smishing Attack Exposes Activision

The attack against Activision was an SMS phishing (smishing) attack targeting a privileged user on the network. Hackers managed to steal employee information such as full names, emails, phone numbers, salaries, workplace addresses, and details about upcoming Call of Duty games.

Keys to Prevent:

• Avoid Clicking Suspicious Links in Texts: Be cautious about hyperlinks in texts, especially from unknown or suspicious numbers. Cybercriminals often use shortened URLs in SMS messages to disguise fake URLs.

• Do Not Respond to Unknown or Suspicious Texts: Responding to such texts can confirm to scammers that your number is active, potentially leading to more spam and harassment.

• Keep Phone’s Operating System Updated: Regular updates can protect against malware hidden in smishing links.

• Be Skeptical of Texts Requesting Personal Information: Legitimate organizations, including government agencies and reputable companies, will not ask for sensitive details via text. Verify any such requests through a trusted channel.

Social Engineering Sinks MailChimp for the Third Time

The attack on Mailchimp on January 18 was the result of social engineering, marking the third such attack within a year. Social engineering exploits human traits like curiosity, respect for authority, and the desire to help. 

Keys to Prevent:

• Check the Source: Always verify the origin of communications. Be skeptical of unexpected emails, phone calls, or physical items like USB sticks. Scrutinize email headers, check link destinations without clicking, and look for spelling errors.

• Assess the Information They Have: Legitimate entities like banks should have your personal details. Be cautious if the caller or sender lacks information they should already have.

• Break the Loop of Urgency: Social engineering relies on creating a sense of urgency. Take time to think and verify the authenticity through official channels, like ringing the official number or visiting the official website.

• Ask for ID: In physical interactions, always ask for identification, especially if someone requests access to secure areas or information.

• Use a Good Spam Filter: Adjust your email program's settings to ensure effective spam filtering. Look for filters that detect suspicious files, links, and content.

• Evaluate Realism: Assess the plausibility of the situation. Consider if the scenario presented makes sense, like unexpected inheritances or friends in unlikely emergencies.

Lessons Learned from 2023 Data Breaches

2023 featured a series of significant cyber incidents, highlighting the continuous evolution and complexity of cybersecurity challenges. As we move into 2024, it is imperative to learn from these events to bolster our defenses against future threats.

We have provided an in-depth analysis of seven major cyberattacks from 2023, each presenting unique lessons and strategies for enhancing cybersecurity measures. These incidents collectively underline the ever-evolving nature of cyber threats and the necessity for ongoing vigilance, education, and advanced security measures.

HBS provides cybersecurity solutions that keep your network secure and protected from threats by detecting and responding to threats quickly while preventing others completely. Contact HBS today and get connected with our cybersecurity experts.