For the fourth year in a row, cyber attacks were reported as the number one cause of outages across organizations in Veeam’s annual Data Protection Report.

While respondents said they will spend more trying to defend against cyber attacks this year, the report found that these IT leaders are increasingly concerned about their ability to recover and restore mission-critical data after an attack.

One of the biggest challenges in cybersecurity is that the landscape is constantly evolving due to emerging threats and technologies. To get a sense of priorities and focus areas for 2024, we’ve analyzed recent cyber attacks to identify important patterns and trends. We’ve also included some tips to help prevent cyber attacks. 

Recent Cyber Attacks in the Past 12 Months

Below is an overview of some of the most recent cyber attacks in the past year that had a significant impact on the company’s operations, financial performance, and supply chain.

1. ICBC Financial Services ransomware attack

Date: November 2023

Impact: Disruption of the US Treasury market

In November, a subsidiary of the Industrial and Commercial Bank of China (ICBC), the ICBC Financial Services, experienced a ransomware attack that disrupted some operating systems, including those used to clear US Treasury trades and repo financing. As a result of this disruption, the brokerage was unable to settle trades for other market players and temporarily owed BNY Mellon $9 billion. 

This not only highlights the growing payment interruption risk that financial institutions face due to cybersecurity incidents — it also reflects the increasing scale of such incidents. Because financial systems and business operations are increasingly interconnected, the impact of a cyber attack is rarely limited to the target organization. Instead, it has a ripple effect that can affect organizations and economies across the world. 

The attack on ICBC Financial Services, for example, disrupted the US Treasury market, which plays a crucial role in global finance. 

Key learning

Cyber attacks like this are expected to increase as threat actors continue to target important financial institutions and infrastructure in major economies. If successful, an attack on one organization can impact partners, suppliers, and customers across the globe. 

This emphasizes the importance of supply chain risk management. Supply chain risk management involves identifying and assessing threats throughout the supply chain and developing mitigation strategies to protect the integrity, trustworthiness, and authenticity of products and services within that chain. Having a defined process in place can help your organization minimize the likelihood and magnitude of these risks to the supply chain.

2. MGM Resorts phishing attack

Date: September 2023

Impact: Over $100 million in financial losses

After detecting a cyber attack that disrupted its operations in late September 2023, MGM Resorts International shut down its systems to contain the damage. It then reported that it would take a $100 million hit to its third-quarter results, as it worked to restore its systems. The casino giant also expected to incur a one-time cost of approximately $10 million related to the attack.

It appears that the hackers used a social engineering technique known as vishing. After finding an employee’s information on LinkedIn, the hackers impersonated the employee in a call to MGM’s IT help desk to obtain credentials to access and infect the systems. 

Key learning

Social engineering attacks are expected to increase in sophistication and frequency due to AI, which enables threat actors to create more convincing and legitimate sounding phishing emails, deepfakes, vishing calls, and more. 

Organizations that extensively use AI and automation to enhance their cybersecurity capabilities will be best positioned to defend against this weaponized use of AI by cybercriminals. In a study by Capgemini Research Institute, 69% of executives said that AI is necessary to effectively respond to cyberattacks and results in higher efficiency for cybersecurity analysts.

3. Boeing ransomware attack

Date: October 2023

Impact: 43GB data leak 

In October 2023, Boeing, one of the world's largest defense and space contractors, suffered a cyber attack that impacted its parts and distribution business. This attack was traced to a vulnerability in Citrix’s software, known as Citrix Bleed, that was exploited by the ransomware group LockBit 3.0. LockBit later leaked more than 43 gigabytes of data allegedly stolen from Boeing’s system when the aerospace company refused to pay the demanded ransom.

Exploitation of CitrixBleed impacted other major organizations as well, including the U.S. branch of ICBC and logistics firm DP World. The majority of affected systems were reported to be located in North America. It’s estimated that US organizations hit by LockBit paid as much as $90 million in ransom between 2020 and mid-2023.
As a result of the incident at Boeing, the Cybersecurity and Infrastructure Security Agency (CISA), the FBI, and Australian Cyber Security Center issued a cybersecurity advisory urging organizations to patch against the actively exploited flaw immediately if they haven’t done so already. 

Key learning

In October, Citrix posted a security bulletin rating the bug a 9.4 out of 10 on the CVSS severity scale. However, in November, thousands of instances where the tool was used were still vulnerable to the issue, including nearly 2,000 in North America alone. There was widespread exploitation of the Citrix vulnerability in unpatched software services throughout both private and public networks as a result. 

Managing exposure to discovered vulnerabilities is a key aspect of vulnerability management, alongside discovering, categorizing, and prioritizing vulnerabilities and analyzing the root cause of vulnerabilities. Having a robust vulnerability management program can help an organization develop a comprehensive understanding of its risk profile, understand what controls need to be implemented for risk mitigation, and prevent repeat vulnerabilities. 

4. The British Library ransomware attack

Date: October 2023

Impact: Major disruptions to systems and operations and 600GB data leak

The UK's largest library was hit by a cyber attack on the last weekend of October. While the British Library took immediate action to isolate and protect its network, its online systems and services were massively disrupted, its website went down, and it initially lost access to even basic communication tools such as email.

On January 15, it began a phased return of certain key services, starting with the restoration of a reference-only version of its main catalog. However, the disruption to some of its operations is expected to persist for months, possibly until next fall or even longer.

In total, the cost of recovering the British Library’s IT systems is estimated to be as high as £7 million, which represents about 40% of its unallocated cash reserves. 

Key learning

To help prevent lengthy and costly recoveries in the event of a successful ransomware attack, organizations must update their cyber resiliency measures, including putting a disaster recovery plan in place. 

Having a disaster recovery plan in place that is well-designed and regularly maintained can help organizations minimize downtime, reduce financial losses, protect critical data, and provide peace of mind for employees. 

5. TruePill data breach

Date: August 2023

Impact: Data breach impacting 2.3M patients

Truepill experienced a data breach in late August, which exposed the personal data of more than 2.3 million patients. Postmeds, the parent company behind TruePill, published a data breach notice that explained that the attackers accessed files containing sensitive patient data, including names, unspecified demographic information, medication type, and the name of the patient’s prescribing physician.

While the company did not say how its systems were compromised or what specific measures it implemented to prevent future breaches, a class action lawsuit alleges that the cybersecurity incident was the result of inadequate data security measures — including the failure to encrypt sensitive healthcare information stored on its servers.

Key learning

Healthcare is one of the most targeted industries by threat actors. In 2022, 89% of the healthcare organizations experienced an average of 43 attacks in the past 12 months, which equates to almost one attack per week. The healthcare industry was also the most common victim of third-party breaches in 2022, accounting for almost 35% of all incidents.

While third-party security is critical across industries, it’s particularly important in the healthcare industry due to its susceptibility to cyber attacks. Conducting third-party risk assessments, tracking metrics and KPIs like pass rate for security questionnaires, and using automation can help strengthen a healthcare organization’s third-party risk management program and protect it from data breaches like this one.

6. 23andMe hack

Date: October 2023

Impact: Data breach impacting 6.9 million users

23andMe disclosed that hackers accessed about 14,000 accounts in a cybersecurity incident in October. The scope ended up being much larger due to 23andMe’s DNA Relatives feature, which matches users with their relatives. By accessing those 14,000 accounts, hackers were also able to access the profile information of millions of other users. In total, the data breach is known to affect roughly half of 23andMe’s total reported 14 million customers.

When disclosing the incident in October, 23andMe said the data breach was caused by customers reusing passwords. Hackers were able to use publicly known passwords released in other companies’ data breaches to brute-force the victims’ accounts.

Key learning

While the 23andMe breach showed the impact that poor password hygiene can have on data security, it also highlighted the need for organizations to take responsibility for protecting user data. 

Maintaining a strong incident response plan is one security tactic that organizations can implement. For example, following the data security incident, 23andMe required all users to reset their passwords and now requires all new and existing users to use two-step verification when logging in to the website. 

7. Mr. Cooper ransomware attack

Date: October 2023

Impact: Data breach impacting 14.7M customers and $25Min response and recovery costs

After reviewing a cyberattack that took place in October 2023, Mr. Cooper determined that personal data on every current and former customer of Mr. Cooper Group was stolen, which amounted to more than 14 million people. 

Mr. Cooper shut down multiple systems after it discovered the cyberattack, which prevented millions of customers from making payments and processing mortgage transactions. The company set up alternative payment methods for customers after the attack, including by phone, mail service, Western Union and MoneyGram..

The mortgage and loan giant expected vendor expenses related to its response, recovery, and identity protection services to reach $25 million in the fourth quarter.

Key learning

Mr. Cooper is just one of many financial services firms that was hit by a suspected ransomware attack in 2023. Other notable examples include LoanDepot, Fidelity National Financial, and First American Financial. 

Since these cyberattacks undermine the security and confidence in national and international financial systems and endanger financial stability, regulatory expectations for all financial services institutions have increased. More regulation has passed, expanded, or been increasingly enforced to ensure these institutions have a comprehensive information security program in place, including the FTC Safeguards Rule and New York Department of Financial Services (NYDFS) NYCRR 500. 

Meeting these regulatory requirements can not only help avoid penalties and fines — it can also help protect the security and confidentiality of customer information held by financial institutions.

8. Dollar Tree third-party breach

Date: August 2023

Impact: Data breach impacting 2M people

In August 2023, Dollar Tree was impacted by a third-party data breach affecting approximately 1.98 million people. One of its vendors, Zeroed-In Technologies, LLC, suffered a security incident in which threat actors stole the information of Dollar Tree and Family Dollar employees and customers, including names, dates of birth, and Social Security numbers (SSNs).

Allegedly, Dollar Tree shared the private, unencrypted information of its employees and customers with Zeroed-In, which stored that information in an unencrypted, Internet-accessible environment on its public network. An unauthorized party then gained access to the company’s systems. 

Key learning

Many organizations work with outside vendors to cut down on costs or better serve customers, which requires them to share access to sensitive information with third parties. That means organizations must put the same amount of scrutiny on the risk management practices of outside vendors as they do their own.

A vendor risk management program provides companies with visibility into who they work with, how they work with them, what security controls each vendor has implemented, and their security posture over time, which can help them identify potential threats before they impact their business. 

9. DP World Australia cyber attack

Date: November 2023

Impact: Major disruptions to operations that led to 30K shipping container backlog

DP World Australia is one of the country's largest ports operators and manages approximately 40% of Australia’s total flow of goods. In November 2023, it experienced a cyber attack that crippled its operations at container terminals in Melbourne, Sydney, Brisbane, and Fremantle. 

Once it detected unauthorized access to the company’s Australian corporate network, DP World Australia disconnected the network from the Internet in order to contain the incident. This shut down port operations across Australia for three days, prompting a backup of some 30,000 shipping containers. 

Key learning

The DP World cyber attack represents one of the latest large-scale criminal attacks on critical infrastructure and has prompted demand for governments to prioritize and invest in cybersecurity measures, especially for critical infrastructures like ports. The demand is especially high in Australia, since attacks against the country’s critical infrastructure, businesses and homes have surged recently, with one attack happening every six minutes according to the Australian Cyber Security Centre.

Cybersecurity measures can help protect the availability and resilience of critical infrastructure and the essential services it provides.

10. Ardent Health Services ransomware attack

Date: November 2023

Impact: Critical care impacted in at least three states

Ardent Health Services owns and operates 30 hospitals and more than 200 sites of care with more than 1,300 aligned providers in six states. When it was hit by a ransomware attack in November 2023, the company proactively took its network offline, suspending all user access to its information technology applications.

This resulted in disruptions to operations in facilities across multiple states. Some had to reschedule non-emergent, elective procedures and divert emergency room patients to other area hospitals until systems were back online. Patients also reported being unable to refill prescriptions and make appointments online, and having their procedures rescheduled or postponed.

Key learning

According to a report by the FBI’s Internet Crime Complaint Center (IC3), the FBI received 870 reports of ransomware attacks aimed at organizations belonging to 16 critical infrastructure sectors and the healthcare sector topped the list with 210 reports of ransomware attacks.

Increasingly sophisticated and malicious cyber campaigns targeting critical infrastructure like the example above threaten the public and private sector as well as the American people’s security and privacy. In response, the US government has created several information security standards and frameworks for reducing risk and improving data security. 

Federal contractors and government agencies typically comply with these standards and frameworks, but any organization can benefit from implementing these stringent and comprehensive requirements. Doing so will have important ramifications for the public sector, the private sector, and ultimately national security and privacy.

Cyber attack trends

1. AI-generated attacks

Cybercrime is expected to cost $10.5 trillion globally by 2025 and one major driving factor is AI. AI not only lowers the bar for entry into cyber crime — it also enhances their capability by improving the scale, speed, and effectiveness of existing attack methods.

The rapid advancement of AI technologies, particularly generative AI, is expected to lead to an increase in all cyber attacks, according to Britain’s GCHQ spy agency. They specify that a surge in ransomware attacks and large-scale phishing and disinformation campaigns that use more convincing fake audio, video, and images is likely.

2. Global scale

Nation-state actors are increasingly leveraging cyber capabilities to conduct global-scale attacks, targeting critical infrastructure, multinational corporations, and supply chains. These attacks often involve cross-border collaboration between cybercriminal groups, hacktivists, and state-sponsored actors. This poses significant challenges for international cybersecurity efforts and will require enhanced cooperation among governments and private sector entities to mitigate threats. 

3. Ransomware

Back in 2021, cybersecurity authorities in the US, Australia, and UK observed an increase in sophisticated, high-impact ransomware incidents against critical infrastructure organizations globally. 

Ransomware continues to be the biggest global threat and is likely to increase in the coming years due to advancements in AI and threat actors employing increasingly sophisticated techniques, including double extortion tactics and supply chain compromises. The emergence of ransomware-as-a-service platforms has also democratized access to ransomware tools, enabling even more cybercriminals to participate in extortion schemes.

How to prevent cybersecurity attacks

The tips below can help your organization mitigate the likelihood and impact of cyber attacks.  

1. Provide security awareness training to employees

A comprehensive training program can help employees understand common cyber threats such as phishing attacks, social engineering tactics, and malware, identify suspicious emails, links, and attachments, and understand the importance of following best practices and reporting any security incidents promptly.

Having a program in place that trains employees as they onboard and on a recurring basis about cybersecurity best practices, common threats, and their roles and responsibilities in safeguarding sensitive information can help your organization reduce the risk of human error leading to cyber attacks and breaches. It can also help you meet security and privacy compliance requirements for SOC 2®, HIPAA, PCI DSS, GDPR, and other frameworks. 

2. Implement security controls to reduce your risk exposure

You can reduce your organization’s exposure to some types of cyber attack on systems that are exposed to the Internet by implementing security controls like:

• Malware defenses
• Boundary firewalls and internet gateways
• Password policy
• User access controls
• Patch management

3. Comply with cybersecurity standards and regulations 

Compliance frameworks require organizations to implement robust security measures, establishing a baseline of protection against cyber threats. By adhering to these standards, organizations must conduct regular risk assessments, identify vulnerabilities and potential attack vectors, and implement technical and administrative safeguards. These controls bolster defenses and mitigate the likelihood and impact of cyber attacks.

How Secureframe can help bolster your cybersecurity posture

Organizations today are challenged with mitigating increasingly complex risks and threats and continuing to comply with an increasing depth and breadth of regulation.

Secureframe can help by simplifying and automating manual tasks related to security, privacy, and compliance. With Secureframe, you can:

• Consolidate compliance and risk data in one source of truth via 200+ native integrations and the Secureframe API.
• Automate cloud remediation, risk assessments, policy management, and security questionnaires with AI.
• Closely monitor and manage your third-party vendor relationships.
• Conduct continuous monitoring to look for gaps in controls to maintain continuous compliance
• Automate the assigning, tracking, and reporting of required security and privacy compliance training.
• Get personalized advice based on your company’s unique risks and industry requirements from our in-house compliance team.

To learn more about how Secureframe can play an integral part in enhancing your security and compliance posture, request a demo today.