The Top Cyber Attacks of May 2023

Share :

May often heralds the start of summer — warm weather, long days, and plenty of cybersecurity workers taking much needed time off. Cybercriminals however, are always at their monitors and love to take advantage of times when they know defenses may be down and this month was no different. 

May saw a wide range of cybercrime, including disruptions of schools and news organizations, a slow-burn in the tech sector, and public negligence from one of the web’s most well-known entities. 

Biggest Cyber Attacks of May 2023 

Criminals Stop the Presses at Philadelphia Inquirer 

Newshounds in the City of Brotherly Love had a harder time than usual getting the latest scoop, as a May 12 security breach took Philadelphia’s largest newspaper offline. The Philadelphia Inquirer took its system offline and paused publication of its Sunday, May 14 print edition after detecting “anomalous activity.” Fortunately, the Inquirer’s online edition remained mostly unaffected. The paper was able to release its Monday print edition, minus a few features such as classified ads.  

The incident took on a new aspect on May 24, when the ransomware gang known as Cuba took credit for the attack and posted what appeared to be a number of financial and internal documents from the Inquirer attack. After further investigation, however, the Inquirer declared that the posted material did not come from its system. The Cuba group took down the claim shortly thereafter, leaving it unclear what, if any, Philadelphia Inquirer data was stolen in the attack, as well as whose material was posted.  

Records Exposed: Financial and business documents of unknown origin 

Type of Attack: Ransomware 

Industry: Journalism 

Date of Attack: May 12, 2023 

Location: Philadelphia, PA 

Key takeaway: Cyber attacks on media outlets are not uncommon. Newspapers and similar publications house large amounts of subscriber and employee data and disrupting the publication schedule of a highly visible target is good publicity for any cybercrime group.

In this case, though, it appears that the criminals succeeded in creating a disruption, but perhaps not in committing theft. The Inquirer can probably count itself lucky to have dodged a bullet. The paper can also take pride in a well-handled data breach — a potentially devastating disruption was minimized, and the organization showed itself to be flexible and adaptable. 

Greek Schools Lose Service 

In what has been deemed “the most significant attack ever carried out against a Greek public or government organization,” an unknown threat actor launched a massive direct denial of service (DDos) attack on May 29 against Greece’s education ministry.

The attack came just as Greek students were preparing for their end-of-year university entrance exams using an online portal. The databank for the exam was hit with a staggering 165 million hits from computers spread across 114 countries, effectively grinding testing to a halt for two days.

Educational authorities were quick to assure students that the interruption would not affect their ability to take their exams, even if they needed to be put off longer than expected. Meanwhile, Greece’s Supreme Court has launched an investigation into who was behind the attacks and how they were executed. Politicians have also begun pointing fingers across parties, in an illustration of just how disruptive this kind of cybercrime can be.

Records Exposed: None, but major disruptions were incurred in a national education system 

Type of Attack: DDoS 

Industry: Education, government 

Date of Attack: May 29, 2023 

Location: Greece 

Key takeaway: Whatever happened to pulling the fire alarm to get out of a test? Phishing and ransomware get the headlines, but they’re far from the only flavors of cybercrime plaguing organizations.

This instance demonstrates that criminals without a direct financial motivation can still do major damage to their targets. A well-coordinated DDoS attack can sow havoc across an entire country, and once the ball is rolling, it can be very difficult to stop. 

Western Digital Hack Illustrates Attacks’ Longtail 

One of the most frustrating aspects of cybercrime is how slowly it can reveal its true extent. Take the case of computer drive manufacturer Western Digital. On March 26, Western digital was attacked.

On April 3, the company acknowledged that hackers had breached its system, with very little other information available. Shortly after, one of the criminals confirmed to TechCrunch that their group had purloined around 10 terabytes of data, including sensitive customer information.

In late April, Western Digital had apparently still not paid the criminals’ reported eight-figure ransom, leading the gang to release screenshots and taunting messages that suggested they still had access to the company’s internal systems. Finally, on May 8, Western Digital released a statement to customers, confirming that thieves had made off with a database from its online store, which included personally identifiable information and encrypted credit card numbers.  

Records Exposed: Personally identifiable information (PII) and encrypted financial information 

Type of Attack: Ransomware 

Industry: Technology 

Date of Attack: March 26, 2023 

Location: San Jose, CA 

Key takeaway: Cybercrime is especially frustrating for victims because it’s seldom clear when the damage has reached its peak. In this case, a data breach that happened in late March is still unfolding at the time of this publication in June. Western Digital attempted to rein it in but ended up attracting more attention when the criminals went the taunting route.

Organizations can, unfortunately, take days or weeks to investigate a possible breach, and with ransomware gangs are now using a “double extortion” technique, where information is released if the organization doesn’t pay in a timely manner. 

Multiple British Businesses Hit by Mass Hack 

What do British Airways, Boots, Aer Lingus, and the BBC all have in common? They’re all victims of a large-scale data breach. 

In what is becoming a more common tactic, hackers utilized a mutual piece of software to steal PII from multiple companies in one attack. The breached software? Progressive Software, specifically, the MOVEit Transfer tool, which is based out of the US. 

While it’s still unclear how many organizations have been impacted and how much data — which includes, PII, insurance information and banking information — a “large number” of organizations may have been hit. 

Records Exposed: Personally identifiable information (PII), insurance information, banking information, and more. 

Type of Attack: Supply chain attack 

Industry: Multiple 

Date of Attack: Last week of May 2023 

Location: United Kingdom 

Key Takeaway: As organizations digitize and become more interconnected, the attack surface widens and the possibility of third-party or supply chain attacks increases. It’s important to always vet vendors and make sure their security, along with yours, is as tight as possible.  

Ransomware Gang Targets Municipalities 

They say everything is bigger in Texas, and apparently that applies to cybercrime as ransomware gang Royal attacked the City of Dallas this month. The attack hit the police department, animal services, and other city databases. However, Dallas wasn’t the only city targeted. Curry County, Oregon reported a breach by the same gang on May 5, and Clarke County Hospital had data taken by the gang, with videos and information leaked online.  

The City of Dallas is still dealing with the fall out, reporting that while more than 90% of systems are back online, there’s still a lot of work to be done. It has not been publicly revealed what personal information, if any, was taken, or if the ransom threat remains.  

Records Exposed: Personally identifiable information (PII), insurance information, banking information, and more. 

Type of Attack: Ransomware 

Industry: Government 

Date of Attack: May 3, 2023 

Location: Dallas, TX 

Key Takeaways: Threat actors love targeting municipalities because they are often short on budget, understaffed, and operate on legacy systems. Not to mention the treasure trove of PII they deal with on a daily basis. Governments (and healthcare organizations like Clarke County Hospital) can make serious strides to keep themselves and their data systems safe.  

Honorable Mention: Facebook Learns the Cost of Not Protecting PII 

One of the world’s most visible tech companies was hit with one of the stiffest data-related penalties to date. According to a suit by Ireland’s Data Protection Commission, Facebook improperly handled users’ PII while transferring data between Europe and the United States. Ireland held that this represented a violation of the European Union’s strict General Data Privacy Regulation (GDPR), and the European Commission agreed, slapping Facebook’s parent company Meta with a 1.2 billion-euro fine.

True to form, Meta has not accepted the fine readily. The company claims that the complexity of its data transfer network makes the kind of privacy protections the EU is asking for prohibitively difficult. Privacy groups, meanwhile, say that’s exactly the point, and that the onus is on major data traffickers such as Facebook to ensure that all of that sensitive information is fully protected. This is the latest in a series of clashes between Meta and the GDPR, and it seems unlikely that it will be the last. 

Key takeaway: While no actual data breach was involved in this case, it stands as a much-needed reminder that outside criminals are not the only data threat that businesses need to be vigilant about. The GDPR set strict penalties for organizations that fail to protect EU users’ personal data, and this instance illustrates the Commission’s willingness to enforce its rules.

This data breach also serves as yet another illustration that third-party social media sites can be a serious vulnerability for organizations that use them to promote their businesses or communicate with customers. Social media is a necessary tool for most organizations, but it should never be forgotten that it is a flawed and vulnerable system. 

Learn more about common attack vectors and how to keep your organization safe. 

Explore the cybercrime ecosystem and understand how partnering with a security operations provider can stop attacks before they begin.  

Arctic Wolf

Arctic Wolf

Arctic Wolf provides your team with 24x7 coverage, security operations expertise, and strategically tailored security recommendations to continuously improve your overall posture.
Share :
Table of Contents
Categories
Subscribe to our Monthly Newsletter