February 2024 Security Update: Research Shows 2023 Will Go Down in History as a Record-Breaking Year for Cyberattacks

Statistics show the cyberattack landscape was more active than ever in 2023. It begs the question, “What’s in store for 2024?”


Report Found Cyberattack Attempts More Than Doubled in 2023

In The Anatomy of Cybersecurity: A Dissection of 2023’s Attack Landscape, Armis reports that global attack attempts increased by 104% in 2023, with utilities (200% increase) and manufacturing (165% increase) most at risk. The report also states that cybersecurity blind spots and critical vulnerabilities are worsening.

Action Items:

Key findings in the report suggest looking at these areas to strengthen cybersecurity:

  • Upgrade legacy technology, such as Windows Server OS versions 2012 and older, which are 77% more likely to experience attacks.
  • Do not use solutions that have reached end of life (EOL) or end of service (EOS).
  • Patch all applications and devices, including wearables, prioritizing the most critical vulnerabilities.

Data Breaches Reach an All-Time High in 2023

According to the Identity Theft Resource Center’s Annual Data Breach Report, there were 3,205 tracked data compromises in 2023, a stunning 1,404 more than in 2023 and 1,345 more than in 2021, the previous record-breaking year.

Brian Soby, CTO and co-founder of AppOmni, offers his perspective: “Across the board, more and more data is being stored in cloud systems, either directly by consumers or companies processing data moving to cloud-based systems. Many of these systems are SaaS applications, which come with unique configuration, management, and continuous monitoring challenges that organizations must solve in order to properly safeguard data from being breached directly, and to avoid SaaS apps becoming footholds from which attackers can pivot into the corporate environment. SaaS apps have become a major part of the enterprise attack surface and contributed to an increase in data breaches.”

He adds that the data in the ITRC shows that although the number of data breaches is up, the number of victims is decreasing. “Attacks are getting more targeted. Criminals are getting better at understanding what is most valuable for their goals (identity theft, credit card theft, etc.), and targeting systems relevant to those goals. Attackers can target systems that hold customer/consumer data, or those highly likely to have PII, and get what they need more effectively,” he says.

Chris Hughes, CISSP, chief security advisor at Endor Labs and Cyber Innovation Fellow at the CISA, says another key finding in the report is the increase in supply chain attacks. “The industry’s dependency on open source software and its pervasiveness make it a compelling target for supply chain attacks. The combined attack surface of thousands of open source projects is much bigger than that of a given vendor’s development infrastructure. And attacking upstream open source projects also has the considerable advantage of spreading out to potentially many downstream consumers: If an attacker gets lucky and is able to inject malware into a highly successful open source project, thousands of direct and indirect downstream users can be infected in a snap.”

“Today, about 80% of code in modern applications is open source code. Most of that 80% are software dependencies that are automatically pulled into the codebase by other open source projects. This means that developers have very little visibility into most of the code they use today. And once you understand that, it makes sense that the majority of vulnerabilities are found in transitive dependencies (those dependencies that are brought in automatically, and are not directly used by the application),” Hughes says.

Action Items:

  • Comply with breach notification requirements, but also build a comprehensive security plan for identifying, preventing, detecting, and responding to security events.
  • Adapt security strategies to new company operations, such as remote work and shifting from on-premises systems to the cloud.
  • Educate your team on malware campaigns like typosquatting and dependency confusion.
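
As an added illustration of Hughes’s point about transitive dependencies and of the typosquatting and dependency confusion item above (not code from the article or from any vendor it cites), this Python example audits a resolved dependency set. The package names, the `acme-` internal prefix, and the index contents are constructed sample data.

```python
from difflib import SequenceMatcher

# Constructed sample data (not from the article or any real project).
DIRECT = ["requests", "acme-billing", "reqeusts"]   # what the developer declared
GRAPH = {                                           # package -> its own dependencies
    "requests": ["urllib3", "idna"],
    "acme-billing": ["acme-utils", "python-dateutil"],
    "acme-utils": ["urlib3"],
    "python-dateutil": ["six"],
}
POPULAR = {"requests", "urllib3", "idna", "six", "python-dateutil"}
INTERNAL_PREFIX = "acme-"                           # hypothetical private namespace
PUBLIC_INDEX = POPULAR | {"reqeusts", "urlib3", "acme-utils"}  # names on the public index

def resolve_all(direct, graph):
    """Return every package pulled in, directly or transitively."""
    seen, stack = set(), list(direct)
    while stack:
        pkg = stack.pop()
        if pkg not in seen:
            seen.add(pkg)
            stack.extend(graph.get(pkg, []))
    return seen

def imitates(name, popular, threshold=0.85):
    """Return the well-known name this one closely resembles, else None."""
    if name in popular:
        return None
    for known in sorted(popular):
        if SequenceMatcher(None, name, known).ratio() >= threshold:
            return known
    return None

def audit(direct, graph, popular, internal_prefix, public_index):
    """List (package, direct|transitive, reason) for suspicious names."""
    findings = []
    for pkg in sorted(resolve_all(direct, graph)):
        kind = "direct" if pkg in direct else "transitive"
        target = imitates(pkg, popular)
        if target:
            findings.append((pkg, kind, f"typosquat of {target}"))
        # An internal name that also exists publicly can be picked up by the resolver.
        if pkg.startswith(internal_prefix) and pkg in public_index:
            findings.append((pkg, kind, "dependency confusion"))
    return findings

if __name__ == "__main__":
    print(*audit(DIRECT, GRAPH, POPULAR, INTERNAL_PREFIX, PUBLIC_INDEX), sep="\n")
```

Two of the three findings on this sample sit in transitive dependencies, which the declared list alone would never show.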

Healthcare Sets a New Record for Data Breaches in 2023

Research by Healthnews found that data breaches put 135.2 million U.S. patient records in jeopardy. That is more than the number of records exposed in breaches in 2022 and 2021 combined.

Action Items:

  • Encourage decision-makers in this sector to prioritize cybersecurity; currently only 6% of their IT budgets are devoted to this area.
  • Implement a comprehensive data protection plan.
  • Read the full report here.

The Manufacturing Industry Experiences More Attacks in the Cloud Than Other Industries

Netwrix released research findings showing that although manufacturing has similar rates of cyberattacks overall, it is the most popular attack target in the cloud. Among manufacturers that detected an attack, 85% saw phishing, 43% saw user account compromise, and 25% faced data theft by hackers in the cloud. Reasons include the potential to move laterally among supply chain partners and compromise other organizations.

Action Items:

To address an ever-increasing attack surface, Netwrix suggests:

  • Enforce the Principle of Least Privilege.
  • Understand how and why data is used in the cloud and eliminate any unnecessary entry points for attackers.
  • Create a comprehensive security response plan to mitigate damage when incidents occur.

The “Human Firewall” Is Vital to Security

NordLayer’s cybersecurity expert Carlos Salas describes employees who comply with cybersecurity best practices as the “human firewall,” the first line of defense against cyberattacks.

Action Items:

To keep organizations safe, NordLayer suggests:

  • Encouraging employees to stay physically and psychologically aware, for example, by being suspicious of third-party USB sticks, suspicious links, and email attachments.
  • Keeping software updated.
  • Avoiding connecting to public Wi-Fi without a VPN.
  • Never leaving laptops or phones unattended and unlocked.

Cannatech Company Exposes 2.5 Million Records

Würk, a Colorado-based HR platform that provides payroll, workforce management, and compliance for the cannabis industry, accidentally made employee payroll, address, birth date, and some encrypted data publicly available. The incident resulted from a MongoDB misconfiguration that eliminated the need to enter a password.

Action Items:

  • Würk reported that the data was not compromised.
  • Contact Würk if you identify any activity related to this incident or have questions.

Free Apps Sending Data to Russia and China

The Cybernews team conducted an experiment in which they installed the top 100 free apps from the Play Store, granted the permissions they requested, and left them connected, but unused, for three days. The researchers report that the phone connected to various servers 6,296 times, with some requests landing in high-risk countries, including Russia and China. Notably, Yandex and Taobao were not installed on the phones; however, the phone reached out to Yandex servers and connected with Taobao.

Action Items:

  • Cybernews points out that although the data collected by the services was generally not sensitive, people such as journalists, activists, researchers, or others who could share information other governments would find interesting should be careful with the apps they download.
  • Block tracking services.

Ransomware News

Ransomware continues to evolve and dominate the threat landscape. Follow these developments related to ransomware:

  • NCC Group reports the CL0P cybercrime gang increased ransomware attacks by more than 700% in 2023, becoming the third most-active group. NCC also reports the number of active groups rose from 55 in 2022 to 64 in 2023. Download the NCC Group annual Threat Monitor Report for more information.
  • LockBit was the most active ransomware gang in January – until the U.S. Justice Department, FBI, U.K. National Crime Agency, and other international partners seized control of servers that the group used, disrupting its activity.
  • Cybernews studied the countries most targeted by ransomware, finding the top five are the U.S., UK, Canada, Germany, and France. Additionally, within the U.S., the most targeted states are:
    • California
    • Texas
    • Illinois
    • New York
    • Florida

Read Cybernews’ report of the Ransomware Landscape in 2023.

For more security updates and insights, visit DevPro Journal’s Security resources page.

Jay McCall

Jay McCall is an editor and journalist with 20 years of writing experience for B2B IT solution providers. Jay is co-founder of XaaS Journal and DevPro Journal.

