Summer is here, and things are heating up in the cybersecurity sphere. June saw a third-party vulnerability spiral into the furthest-reaching cyber attack of the year thus far, while separate attacks cut into summer plans for gamers, vacationers, and commuters alike.
June’s Biggest Cyber Attacks
MOVEit Data Is on the Move
June’s biggest data breach is one that will continue to reverberate, as the MOVEit cyber attack is shaping up to be one of the most consequential in recent memory. MOVEit is a widely used file-transfer system designed to consolidate an organization’s transfer activities into a single tool.
Starting on Memorial Day weekend, thieves exploited a zero-day vulnerability in the software to steal data from a dizzying range of organizations around the world in attacks that one security expert called the online equivalent of “smash-and-grab” thefts from vehicles.
MOVEit parent company Progress Software reported the breach on May 31 and issued a patch for the exploit, but many companies did not install the fix quickly enough to avoid a breach. While it was clear from the start that the exploit was widespread, the scope continued to balloon throughout the month of June.
In the middle of the month, the Russian-speaking hacker group Clop began posting the names of dozens of organizations whose data was stolen in the attack. New victims were still being identified as June drew to a close, with no obvious end in sight.
The list of victims so far includes governmental departments, major tech companies, educational institutions, and many more. Among the confirmed breaches are:
- U.S. Department of Health and Human Services
- U.S. Department of Energy
- Oil company Shell
- Payroll company Zellis
- Province of Nova Scotia
- Vancouver Transit Police
- States of Illinois, Minnesota, and Missouri
- University of California-Los Angeles
- Cybersecurity company Gen/Norton
- IT company PricewaterhouseCoopers
- Accounting firm Ernst & Young
- Siemens Energy
- Schneider Electric
- Oregon Department of Motor Vehicles
- Louisiana Department of Motor Vehicles
- New York Department of Education
With the Clop group still demanding ransom payoffs and more victims emerging by the day, this seems to be a situation that will impact the cybersecurity world for many months to come.
Records Exposed: Total scope is unknown, but includes personally identifiable information for customers and employees, as well as business and operational documents.
Type of Attack: Third-party security exploit
Industry: You name it, Clop breached it
Date of Attack: May 27, 2023 — Ongoing
Location: Worldwide, likely originating from a Russian-speaking region
Key takeaway: The MOVEit breach is one of the clearest illustrations of just how wide-reaching a single cybersecurity incident can be.
What initially appeared to be a fairly small-scale attack has now snowballed into a major data heist that touched organizations of all sizes, in all walks of business and government, and in nearly every corner of the globe. It’s also a reminder for organizations to act quickly when third-party providers issue patches and fixes to known security issues. MOVEit and Progress Software acted swiftly in sending out a patch, but many organizations did not take advantage of it in time to prevent a data theft.
Hackers Cause Trouble at the Pumps for Canadian Drivers
A cyber attack on Canadian energy giant Suncor left cashless motorists’ tanks empty in late June. Credit card readers at Petro-Canada stations went down across the country following a June 24 breach, leaving locations to operate on a cash-only basis. Customers were also locked out of the company’s apps and online accounts, denying them access to points and rewards programs. Some Suncor employees also reported difficulty accessing internal accounts.
Although services were mostly restored within a few days, an outage during a busy summer travel weekend created headaches and chaos across Canadian roadways. Some customers who weren’t carrying cash reported running out of gas and having to be towed to another station. One cybersecurity expert even compared the potential impact of the attack to last year’s devastating Colonial Pipeline breach.
At the time of this writing, the full nature of the attack and any potential culprits had not been disclosed, but it bears many earmarks of a ransomware incident.
Records Exposed: Unknown. Credit and debit card services disrupted, apps and rewards programs taken offline.
Type of Attack: Possible ransomware
Date of Attack: June 24, 2023
Key takeaway: Cybersecurity incidents that cause mostly internal damage are bad enough, but the fallout from a public-facing breach can be all the more impactful. In this case, Suncor found itself not only battling to rectify the cyber attack within its own systems, but also responding to confused and angry customers across the country. That kind of multi-pronged dilemma can be extremely costly from both a tech and a public relations standpoint.
Blizzard Gamers Get Frozen Out By DDoS
Some of the biggest titles in online gaming were out of commission over a busy summer weekend after a distributed denial of service (DDoS) attack on Blizzard Entertainment. Gamers eager to engage with massively popular games such as “World of Warcraft,” “Call of Duty,” and “Diablo IV” found themselves frozen out from signing in to their accounts for much of the day on June 25.
The Activision Blizzard servers that authenticate users were flooded with requests from unknown attackers, creating a logjam that essentially rendered many Blizzard titles unplayable. Blizzard acknowledged and apologized for the outage on social media, and notified gamers when the attacks eventually stopped.
As of this writing, no organization has taken credit for the DDoS incident, although some industry observers have pointed to Activision Blizzard’s long record of corporate controversies as a possible motivation.
Records Exposed: N/A
Type of Attack: Distributed denial of service
Industry: Gaming and entertainment
Date of Attack: June 25, 2023
Location: Santa Monica, California
Key takeaway: While this service outage will probably be nothing but a blip for Activision Blizzard, the revenues lost from even a brief shutdown are substantial.
The gaming industry attracts a large number of tech-savvy users, which can create problems when those customers feel wronged or slighted. That makes vengeance-minded attacks — of which this may be one — a constant concern for companies like Blizzard.
No matter your level of online activity, the odds are good that you dealt with a company or organization that was impacted by one of June’s biggest cyber attacks. This should stand as a reminder that no business is immune to the pervasive reach of cybercrime, and that a proactive posture is more effective than reacting after the fact.