Top 10 Cyberattacks of 2023

Some of the largest and most damaging cyberattacks on record occurred in 2023 — and MSSP Alert covered them all.

These incursions into business and government’s most sensitive and critical information and data foreshadow a new year when we can expect even more ransomware, malware, phishing — you name it — attacks. More than ever, MSSPs, MSPs and all cybersecurity providers will need to raise their game to protect their customers, themselves included, from the endpoint and beyond.

Here are the top 10 cyberattacks MSSP Alert covered in 2023, including some (dis)honorable mentions:

No. 1: Johnson Controls Ransomware Attack

In late September, Johnson Controls, a technology provider specializing in smart and sustainable buildings and spaces, received a $51 million ransomware demand from the Dark Angles hacking crew to provide a decryptor and to delete stolen data. The digital hijackers claim to have pilfered some 27 terabytes of data and encrypted the company’s ESXi servers in the attack. Of particular concern was that the hack might have included sensitive Department of Homeland Security (DHS) data revealing security information on third-party contracts along with physical floor plans of certain agency facilities.

No. 2: MGM Customer Data Stolen

Hackers lifted the personally identifiable information of some 10.6 million MGM Resorts customers in September. As a result, MGM expected a $100 million hit to its financial report that quarter, although the company expected its cyber insurance to cover the cost. MGM reportedly refused to meet the hackers’ ransom demand. However, Caesars Entertainment, which was also hit by a recent ransomware attack, is believed to have paid about half of the $30 million demanded by the hackers to prevent the disclosure of stolen data.

No. 3: Dollar Tree Supply Chain Attack

Discount retailer Dollar Tree was hit by a supply chain cyberattack in August that compromised the personal information of approximately 2 million people after a digital break-in of third-party service provider Zeroed-In Technologies. Dollar Tree, which operates roughly 16,000 eponymous and Family Dollar outlets in North America, was struck in a manner reminiscent of the massive 2020 Russian-backed attack on SolarWinds.

No. 4.: Australian Port Operations Crippled

Cyberattacks on critical infrastructure peaked when DP World Australia’s operations were crippled in November, forcing the port operator to close four major terminals. The attack, impacting ports in Sydney, Melbourne, Brisbane and Fremantle, brought movement of some 30,000 shipping containers to a standstill, as stockpiling eventually surpassed available storage space. The attack came on the heels of a cyber assault on China’s Industrial and Commercial Bank of China.

No. 5: Russia-Ukraine Cyberwar

Wars today are fought across land, sea and air as much cyberspace, so we have seen during the Russia-Ukraine War. Over the course of the ongoing conflict, MSSP Alert has delivered updates to its “Cyberattack and Kinetic War Timeline.” To combat its Russian cyber adversaries, the Ukrainian National Center for Cybersecurity Coordination and IP3 International, an energy security developer, announced in October the formation of the Collective Defense AI Fusion Center (CDAIC) in Ukraine. The CDAIC will promote collaboration between Ukraine and its allies to protect against cyberattacks. We recently learned, accordingly to a Reuters report, that Russian hackers had infiltrated Ukrainian telecommunications Kyivstar's system since at least May 2023.

No. 6: Rapid Reset — The “Largest Attack in Internet History”

Cloudflare helped identify and address a global zero day security vulnerability that gives cybercriminals the ability to launch attacks larger than anything the internet had seen before. In response, Cloudflare developed technology that automatically blocks any attacks that exploit the vulnerability. Cloudflare found the vulnerability, "HTTP/2 Rapid Reset," in August 2023, which was developed by an unknown threat actor and exploits the standard HTTP/2 protocol — essential to the operation of the internet and most websites. As Cloudflare experienced a Rapid Reset attack itself, the company embraced an "assume-breach" mindset, working with industry partners to find the best way to mitigate the attack. At the peak of the Rapid Reset DDoS campaign, Cloudflare recorded and handled over 201 million requests per second (Mrps) and the mitigation of thousands of additional attacks that followed.

No. 7. Chinese Hackers Break Into U.S. Government Sites

In July, MSSP Alert reported that China-based hackers had covertly tapped into email accounts at more than two dozen organizations since May, including the U.S. State and Commerce departments. Some 25 organizations along with related consumer accounts of individuals associated with the agencies were among those infiltrated by the cyber crew. The email account of Secretary of Commerce Gina Raimondo was among those hacked.

No. 8: Cl0p Russian Ransomware Attacks

A number of U.S. government agencies were hit by the same Cl0p Russian ransomware group that conducted the MoveIT operation, again exploiting the popular large file transfer system to access records and documents. The U.S. Department of Energy confirmed it was among those impacted. The attack came on the heal of attacks that Cl0p initiated against the states of Illinois and Minnesota computer networks, the British Broadcasting Company (BBC), British Airways, Canada’s Nova Scotia province, Shell Oil, a retail chain in the U.K. and the Walgreen’s pharmacy, among other entities.

No. 9: Dish Network Data Leaks

Satellite television provider Dish Network reported in an 8-K Securities and Exchange filing dated February 28, 2023, that it had experienced an exfiltration of “certain” but unidentified data. Dish shut down its internal communications, customer call centers and internet sites as a result. At the time, Dish did not provide any details about which cyber crew may have been behind the attack, nor if a ransom note was left, how much was demanded and if the company had paid it.

No. 10: T-Mobile Cyberattack Impacts 37 Million

U.S. mobile carrier T-Mobile reported a cyberattack in January confirmed that 37 million customers were impacted by the data breach. No passwords, payment card information, Social Security numbers, government ID numbers or other financial account information were compromised, T-Mobile said. Some basic customer information was obtained, nearly all of which is the type widely available in marketing databases or directories, the company said. The information included the name, billing address, email, phone number, date of birth, account number and information such as the number of lines on the account and service plan features.

Notable Cyber Incidents From MSSP Alert’s 2023 Coverage

Contributing editor D. Howard Kass contributed to this story.