Stupid Human Tricks: Top 10 Cybercrime Cases of 2023 – Source: securityboulevard.com

Every year at this time, we look back at the year before in the vainglorious hope that we will learn from our past mistakes, and—like Lucy holding the football for Charlie Brown—hope that next year will be different. So here is my list (aided by ChatGPT) of the top 10 cybercrime cases from 2023. Remember, your mileage may vary. These are the cases that appear to be the most impactful—not the most extensive or expensive—just the most “interesting.”

I have gathered information on several major cybercrime cases from 2023. However, I was unable to find comprehensive details on all the top 10 cases, including specific charges and defendants’ names for each case. Here are the cases I found:

QakBot Malware Takedown (U.S. and others):

U.S. law enforcement, in cooperation with partners from six countries, unraveled the QakBot malware network, used for ransomware and data theft, that caused millions in damages. They seized about $9 million in cryptocurrency but didn’t announce any arrests. The attack represented an evolution in international criminal cooperation in cybercrime. Cops are still not close to being as organized as their criminal counterparts, and there’s still way too much red tape in getting cooperation and information across borders, but sometimes they can play nicely amongst themselves.

The Guardian Cyberattack (UK):

The Guardian newspaper was subject to a ransomware attack which impacted its internal systems and required staff to work remotely. Email phishing was identified as the initial attack vector, proving, of course, what we already knew: Nobody is immune.

Toronto SickKids (Canada):

The Hospital for Sick Children in Toronto was hit by a ransomware attack. The LockBit Group, responsible for the attack, apologized and provided unlock codes for the scrambled data. This represents the continuing trend of targeting healthcare entities for ransomware because—well, because they are most likely to pay the ransom.

FAA Incident (U.S.):

The U.S. grounded all flights due to issues with a critical FAA system, raising concerns about a possible cyberattack, though no evidence confirmed this. The FBI is investigating. While the attack incited much fear and loathing in the skies and the threat to SCADA and similar infrastructure is real, it remains mostly unrealized to date. This will change.

Cloud Exploitation by Automated Libra (South Africa):

Criminal groups used cloud computing resources for cryptocurrency mining. Palo Alto Networks’ Unit 42 investigated Automated Libra, which created over 130,000 accounts on cloud providers. Anything that can be used for good can be used for evil. Think AI. Or anything else.

LastPass Breach:

LastPass disclosed a breach where an intruder accessed encrypted data on a third-party cloud region. The incident raised concerns about the security of cloud-stored password data. Also, as systems become more interdependent, a breach of one infrastructure becomes a breach of them all.

Royal Mail Ransomware Attack (UK):

Royal Mail suffered a ransomware attack by an affiliate using LockBit Ransomware-as-a-service (RaaS). The attack disrupted international deliveries. Script kiddies go postal.

Hive Ransomware Gang Infiltration and Shutdown (U.S. and others):

The FBI, in collaboration with international authorities, infiltrated and shut down the Hive ransomware infrastructure. No arrests were made, but significant financial losses were prevented. Kudos to the bureau, but—no arrests?!

MOVEit Software Exploit (U.S. and others):

The Cl0p Russia-linked ransomware group exploited the MOVEit software from Progress Software Corporation, affecting over 2,000 organizations. We are only as strong as our weakest link, and that ain’t very strong.

Caesars Scattered Spider Attack (U.S.):

Caesars Entertainment suffered a data breach that resulted in the theft of its customer loyalty database. The company reportedly paid a ransom to prevent data publication. The question: Pay ransom or not? Talk amongst yourselves.

Microsoft Storm-0558 Exploit (U.S. and others):

A Chinese hacking group, Storm-0558, accessed OWA and Outlook.com accounts from around 25 organizations using forged tokens. One ring to rule them all, and in the darkness bind them.