Channel Futures' Top 10 Cybersecurity Stories of 2023
Our top 10 countdown of cybersecurity stories features Cisco's acquisition of Splunk, the rise of AI and the MGM Resorts attack. But what was No. 1?
![Top 10 Cybersecurity stories of 2023](https://eu-images.contentstack.com/v3/assets/blt10e444bce2d36aa8/blta5ce965e16988703/658436c679dae7040a5b0f0a/Cybersecurity_Top_10.jpg?width=700&auto=webp&quality=80&disable=upscale)
NicoElNino/Shutterstock
In February, Dish Network suffered a widespread outage attributed to a ransomware attack in which personal information was likely stolen by malicious hackers.
In a U.S. Securities and Exchange Commission (SEC) filing, Dish said the network outage affected internal servers and IT telephony. In late March, Dish was still working to get all of its operations up and running. Customers were still struggling to access certain services such as HBO Max and other third-party streaming services, access their accounts and reach customer-service call centers. In addition, customers waited for updates on whether their personal information was compromised.
Dish faced at least two shareholder class-action lawsuits in response to the attack and ensuing outage.
According to Recorded Future, the ransomware attack leaked the personal information of nearly 300,000 people.
A former child hacker told us Black Hat USA 2023 should have served as a “wake-up call” that “we’re on the precipice of something truly disastrous.”
Paul Dant, Illumio’s senior director of cybersecurity strategy and research, started hacking at the age of nine. We spoke with him for our Black Hat USA edition of The Gately Report.
While Black Hat grows bigger and bigger, “our overall feelings about security posture in general get worse and worse each year,” he said.
“These ransomware actors started out … with the proclamation that they would not go after health care, they’re not going to go after hospitals,” Dant said. “That’s been tossed to the side now because they’re financially motivated. We’ve seen so many close calls. We see regional microcosmic aspects of potential impacts to society. When a hospital is turning patients away and sending them to other emergency rooms because they can’t get their computers to work, that tells me we’re really close to something that we don’t want to see, something really catastrophic. I see these security conferences explode every year, more and more, and I hope that we’re reaching that wake-up call where we acknowledge that we are on the precipice of something like that.”
The Israel-Gaza war prompted by widespread attacks by Hamas brought a new wave of cyberattacks across the region.
Israel is known as a global cybersecurity hub and numerous cybersecurity companies based there have been impacted by the conflict. For example, two Check Point Software Technologies employees were killed on the first day of the war. In addition, about 5% of the Tel Aviv-based company’s global workforce, or about 300 workers, were called up to the Israel Defense Forces (IDF) reserves.
A threat advisory by Radware showed a surge in cyberattacks against Israeli targets coinciding with Hamas’ attacks. Between Oct. 2 and Oct. 10, Israel was by far the state most often claimed on Telegram as a target of distributed denial-of-service (DDoS) attacks. Israeli websites were targeted 143 times, primarily by pro-Palestinian and in a few cases by pro-Russian hacktivists.
In September, Microsoft reported the corporate account of one of its engineers allowed a China-based threat actor to gain access to email accounts as early as 2021 to spy on the U.S. State and Commerce departments, and other U.S. government agencies.
Chinese threat actor Storm-0558 gained access to email accounts affecting about 25 organizations in the public cloud, including government agencies and consumers. That’s according to a Microsoft blog detailing the results of its investigation.
In July, Microsoft reported a cyberattack that gave nation-state actors access to email accounts of high-ranking officials. The perpetrators gained access to Outlook Web Access in Exchange Online (OWA) and Outlook.com.
Zane Bond, head of product at Keeper Security, called the breach “catastrophic” and said highly sensitive government employee emails were compromised.
In September, a massive cyberattack on MGM Resorts impacted operations at numerous hotels and casinos on the Las Vegas strip, including the MGM Grand, Bellagio, Aria, Mandalay Bay and more.
The company had to shut down substantial parts of its computer systems, leading to casino floor shutdowns, hotel keycards not working and internal email outages.
Ransomware-as-a-service (RaaS) group ALPHV, also known as BlackCat, claimed responsibility for the massive MGM Resorts breach in a post on the dark web, according to Check Point Research (CPR).
According to MGM Resorts’ filing with the SEC, the ransomware attack cost the entertainment giant over $100 million, including $10 million in one-time consulting cleanup fees.
In October, the SEC charged SolarWinds and its CISO, Timothy G. Brown, with fraud and internal control failures in connection with the massive breach disclosed in late 2020.
The SEC complaint alleges that, from at least its October 2018 initial public offering (IPO) through at least its December 2020 announcement that it was the target of a massive, nearly two-year-long cyberattack, dubbed Sunburst, SolarWinds and Brown defrauded investors by overstating SolarWinds' cybersecurity practices and understating or failing to disclose known risks.
In its filings with the SEC during this period, SolarWinds allegedly misled investors by disclosing only "generic and hypothetical" risks at a time when the company and Brown "knew of specific deficiencies in SolarWinds’ cybersecurity practices as well as the increasingly elevated risks the company faced at the same time," the SEC said.
SolarWinds sent us the following statement regarding the SEC charges:
"We are disappointed by the SEC’s unfounded charges related to a Russian cyberattack on an American company and are deeply concerned this action will put our national security at risk. The SEC’s determination to manufacture a claim against us and our CISO is another example of the agency’s overreach and should alarm all public companies and committed cybersecurity professionals across the country. We look forward to clarifying the truth in court and continuing to support our customers through our secure by design commitments."
Cybersecurity providers joined the barrage of companies doing business in the channel that announced layoffs impacting tens of thousands of workers.
Among cybersecurity providers shedding workers were Secureworks, Rapid7, HackerOne, Trellix, Sumo Logic, Microsoft, Zscaler, Splunk, Sophos, OpenText and more.
Most of the companies blamed tough economic conditions, and many of the cuts were made as part of an overall restructuring.
While the frequency of layoffs has slowed in recent months, the announcements are still coming. For example, last month Splunk announced layoffs impacting around 500 workers, and in late October Exabeam announced layoffs impacting 20% of its global workforce amid continuing and challenging macroeconomic conditions.
Artificial intelligence (AI) and cybersecurity took center stage at high-profile cybersecurity conferences.
At RSAC 2023, a top message for attendees was the need for good AI to fight cybercriminals who use bad AI.
Rohit Ghai, RSA’s CEO, discussed new challenges that AI puts on the cybersecurity community.
“AI will challenge our identity, our role in this world,” he said. “Bad AI will take us for a ride and identity is a sitting duck.”
The first technology wave was the internet and the second wave was mobile cloud, Ghai said. AI is the third wave, and it’s so loud “we can all hear the waves crashing.” AI can pass the bar exam, and create polymorphic malware.
The opening keynote at Black Hat USA focused on the AI and ChatGPT race among tech giants, and what the future of AI could mean for the cybersecurity community.
Maria Markstedter, founder of Azeria Labs, said AI systems and their use cases are evolving and capabilities are becoming more powerful.
AI models today are “more like a troubled teenager,” Markstedter said.
“It lies, it makes stuff up, conspires and is completely unpredictable, yet people trust it. So thankfully it is now in the safe hands of big tech companies racing against time to compete for market penetration,” she joked.
That comment got a big laugh from the audience. Microsoft is leading the race in generative AI and ChatGPT, rushing to add ChatGPT to all of its products, Markstedter said.
“This race comes as no surprise because whenever the world is shifting toward a new type of technology, corporations are racing to dominate the market,” she said. “And corporate races are not driven by a concern for safety and security. As we all know, security slows it down.”
MOVEit Transfer hacks have impacted at least 2,690 organizations and more than 91 million individuals, according to Emsisoft.
MOVEit is a file transfer platform made by Progress Software. Thousands of governments, financial institutions, and other public and private sector bodies globally use the platform to send and receive information.
In late May, data started to be transferred from hundreds of MOVEit deployments, according to Emsisoft. However, these were not normal file transfers initiated by legitimate users. The data was stolen by a ransomware operation called Cl0p.
Among victims of MOVEit Transfer attacks were the U.S. Department of Health and Human Services, the U.S. Department of Energy, the California Public Employees’ Retirement System (CalPERS), the California State Teachers Retirement System (CalSTRS), EY and the BBC.
And the victims continue piling up. Delta Dental of California has disclosed that nearly 7 million patients' personal data was compromised in a May MOVEit Transfer breach.
In September, Cisco announced it is acquiring Splunk for $28 billion and anticipation is running high on the market impact once the deal closes.
Eric Parizo, managing principal analyst at Omdia, which shares a parent company with Channel Futures (Informa), said the acquisition is a “true bombshell move” that will have a “seismic” impact on the entire enterprise cybersecurity landscape, and may foreshadow more consolidation.
The deal will immediately make Cisco one of the dominant players in next-gen security information and event management (SIEM), a market segment that Omdia forecasts will grow to nearly $4 billion in global annual revenue by 2027, he said.
“Splunk’s established position as a premium offering with the deep resources of Cisco’s global salesforce should present immediate upsell opportunities,” Parizo said.
Cisco told us Splunk’s security capabilities complement its existing portfolio, and together will provide “leading security coverage from devices to applications, to clouds.” The integration of Cisco’s extended detection and response (XDR) and Splunk’s SIEM offering will give customers a “comprehensive security platform for threat detection and response.”
2023 was another big year for cybersecurity news. The top cybersecurity stories included cybercriminals once again upping their game, economic headwinds taking a toll on providers and a “true bombshell” acquisition that will have a big impact on enterprise cybersecurity in 2024 and beyond.
This was the year in which artificial intelligence (AI) and cybersecurity took center stage. This includes using good AI to fight the bad guys using AI.
This was also the year in which cyberattacks racked up thousands of victims with MOVEit Transfer hacks and a ransomware attack on MGM Resorts nearly shut down a major part of the Las Vegas strip.
We have assembled our list of this year's top cybersecurity stories, those that impacted Channel Futures readers most. We present our picks in the slideshow above, starting with No. 10 and counting down to No. 1.