The MOVEit breach may well have been the biggest cyberattack of the year

It appears that the breach of file transfer service MOVEit was one of the biggest cyberattacks of 2023, despite it being a year that saw the emergence of some dangerous new trends and tactics.

A new report from ESET examined the top cyber incidents of the second half of 2023 and noted that what made the MOVEit breach unique, aside from its widespread impact, was the fact that Cl0p, the gang behind the attack, had not actually deployed any ransomware.

It also leaked stolen data from victim organizations to a public website, another example of a new tactic being employed by cybercriminals. This was imitated by the infamous ALPHV/BlackCat ransomware gang, which was also active this year.

In its report, ESET notes that due to the sheer size of the MOVEit hack, it was likely too much effort for Cl0p to encrypt every victim it knew of. ESET cites figures from Emsisoft that estimate the number of affected organizations at more than 2,600 after six months.

The victims ranged from government agencies, schools and healthcare organizations to large companies such as Sony and PricewaterhouseCoopers (PwC).

Another emerging trend this year is the rise of attacks involving AI, which is not surprising given the boom the technology has experienced in the wake of ChatGPT's public release in November 2022.

Many campaigns targeted users of AI tools such as ChatGPT, creating fake domains with names that resembled "ChatGPT". Such domains include web apps that use OpenAI API keys in an insecure manner, threatening users' data privacy.

The Lumma stealer was also on a rampage this year and was very successful at stealing crypto wallets. It alone was responsible for a 68% increase in crypto theft this year, accounting for 80% of detections in this sector. The Lumma malware has also stolen login credentials and other information, with the total number of Lumma detections tripling between the first half and the second half of 2023.

And the ever-present Magecart threat, which has plagued retailers since 2015, remains strong. In fact, it has even grown this year. It injects code into unsecured websites to steal users' information, such as their credit card details. The number of detections increased by 343% between 2021 and 2023.

Jiří Kropáč, director of threat detection at ESET, concludes that “these developments demonstrate an ever-evolving cybersecurity landscape, with threat actors using a wide range of tactics.” With the rise of AI and the constantly evolving tactics of threat actors, it appears that attacks will only get worse next year.
