Blog | Jan. 4, 2024 | 8 min read

State of Cybersecurity: How to Overcome Cyber Threats and Protect Your Institution

Today’s digital-first world supports constant connectivity, affording us modern conveniences but also exposing organizations to vulnerabilities. Recent cyber attacks highlight the importance of cybersecurity protections to mitigate risk, especially as bad actors leverage the latest tactics to execute their nefarious schemes. This blog breaks down several cyber attacks from 2023, explores the latest cyber threats and provides strategies for strengthening your institution’s defenses.

Want to learn more about the state of cybersecurity? Watch our on-demand webinar for insight into the cybersecurity landscape.

Examining Cyber Attacks in 2023

Even as cybersecurity monitoring technology advances, attacks continue to make headlines and affect organizations of all sizes. It’s important to examine recent cyber events to understand how bad actors successfully execute attacks. Here are a few notable attacks that occurred throughout 2023:

MOVEit Transfer is a data transfer program used by customers worldwide. In May 2023, Progress Software announced that the product was affected by numerous vulnerabilities. Unfortunately, by the time those vulnerabilities were revealed, data had already been accessed by a ransomware operation. Each time a vulnerability was announced, bad actors swarmed to take advantage of it until a patch was installed. This incident affected financial services institutions, government agencies and other organizations worldwide: 2,000 firms were compromised, leading to a total of 60 million victims.

In September 2023, MGM Resorts in Las Vegas experienced a cyber attack resulting in a customer data breach, operational disruption and an estimated $100 million in costs.
In this attack, hackers from the group Scattered Spider found an employee’s information on LinkedIn and impersonated that employee in a call to MGM’s IT help desk to gain account access. Once they succeeded, they accessed cloud resources and servers and identified terabytes of data. MGM shut down systems to contain the compromise, but with cascading effects that led to limited casino functionality, failure of applications and more.

Scattered Spider is notorious for launching sophisticated attacks and stealing legitimate certificates used to sign in to applications. They insert malware into these certificates, so it is often undetected by anti-malware programs. Once in the system, they disable anti-malware systems to broaden their attack. They often conduct phone-based social engineering, which IBM found to be three times more successful when targeted. From there, they use AI to collect data from social media and other platforms to create elaborate attacks and impersonate someone, as evidenced in the MGM attack.

Clorox also experienced an attack, believed to be from the same Scattered Spider group, in August 2023. This incident disrupted several of the company’s production systems, which affected the supply chain for its products. The attack also damaged its IT infrastructure, requiring it to be rebuilt, and negatively affected the company’s financials. Unfortunately, the company’s incident response did not go as planned, resulting in a longer timeline than expected to get production systems back up.

By examining recent cyber attacks, institutions can learn common tactics and be better prepared to fend off threats.

Exploring Current Cybersecurity Threats

As technology evolves, so do cybersecurity threats, making it critical to stay on top of the latest opportunities and challenges. While the threats explored below are not new, these attacks are increasingly common since hackers can monetize them.
Account takeover: Unfortunately, today’s hackers increasingly have access to credentials due to data leaks and breaches. Motivated hackers can download credentials from the dark web. Fraudsters also launch phishing attacks, often via email, against institutions’ employees with the goal of obtaining credentials. Consider this scenario: if a hacker obtains credentials for your institution’s president or chief financial officer, they can send an internal email authorizing a wire transfer. If an unsuspecting employee completes the transaction, the hackers receive their payoff.

Ransomware: If attackers can access a compromised account, they can deploy ransomware. A type of malware, ransomware locks out authorized users, encrypts data and holds it for ransom. Phishing is a common attack vector for ransomware since it only requires one user to click a malicious link. If a user’s workstation is not up to date on the latest patches, that is an easy entry point into your organization. The accessibility of Ransomware-as-a-Service kits also makes this type of attack viable and increasingly common.

Cloud attacks: Migrating from on-premises IT infrastructure to the cloud affords organizations and employees various benefits, including scalability and availability. If your institution experiences a power outage, damaging weather event, internet outage or another unexpected incident, the cloud lets you deploy a remote workforce with flexibility. However, cloud migrations have shifted and expanded the attack surface. Cloud attacks occur as hackers attempt to access email or payroll systems that are housed in the cloud.

Familiarizing yourself with the latest threats, including account takeover, ransomware and cloud attacks, can help your institution strengthen its defenses.

10 Strategies for Mitigating Risk of Cyber Attacks

Your institution should be prepared to combat a variety of threats, including those explored above.
Here are several strategies that your institution should consider to mitigate your cyber risk and strengthen your cybersecurity posture.

1. Deploy continued cybersecurity monitoring.

Many organizations do not have the resources to dedicate to around-the-clock monitoring and response, and hackers know this. Targeted, coordinated attacks are more likely to occur at 2 a.m. than at 2 p.m., as hackers wager that you are paying less attention in the middle of the night. Ensure your cybersecurity monitoring platform provides the same level of coverage at all times and can identify anomalies, alert you to them and take real-time action so the threat does not spread throughout the network. Further, you should have a security management process in place to ensure your platform always works as intended. This helps avoid potentially harmful malfunctions, such as servers running out of storage and no longer logging data.

2. Segment your network.

A properly segmented network helps limit damage in the event of a cyber incident. Look for opportunities to prohibit employees’ access to unnecessary applications. This reduces a hacker’s opportunity to exploit certain users during a compromise. If you do not restrict your users’ ability to access software, the entire application, or the data accessible through it, can be at risk once a user is compromised. For example, does everyone need access to your CRM, which contains sensitive customer information? Who has access to your payroll system? Regularly review user access to ensure employees only have access to the applications necessary to execute their specific duties.

3. Conduct proper vendor management.

Your institution should conduct vendor due diligence to understand any risks vendors pose. Further, ensure your vendors practice vendor management for their own customers as well.
While some institutions perform the same level of due diligence on all vendors, this can result in inadequate due diligence on higher-risk vendors and excessive due diligence on lower-risk vendors.

4. Ensure good cyber hygiene.

Cyber hygiene is the foundation of a secure online presence and refers to the steps that users of digital devices should take to improve online security. Much like physical hygiene, cyber hygiene should be prioritized to maintain digital health. By promoting good cyber hygiene practices, your institution plays a crucial role in keeping employees and consumers safe. These practices can include simple protections like encouraging employees to lock devices and only join secure Wi-Fi networks, as well as more involved processes like backing up valuable data regularly and using a password manager application to track and store passwords.

5. Emphasize security awareness.

While October is Cybersecurity Awareness Month, your institution should encourage employees to be cyber-aware all year. Use encouraging messaging when communicating about cybersecurity, and ensure your employees understand basic security measures, such as exercising caution before clicking links and never inserting unknown USB devices. Effective security comes from the leaders of the organization. If your institutional leadership is invested in security, it will be more easily embedded into the organizational culture.

Remember: the human element is often the weakest link during an attack. Your institution can deploy all the latest technical and security controls, but cultivating a cybersecurity-focused workforce remains critical. Empower your institution’s employees with up-to-date cybersecurity training to ensure they know how to respond to suspicious activity.

6. Evaluate your cyber insurance coverage.

Cyber liability insurance, also known as cyber insurance, is a type of insurance policy designed to provide businesses with coverage in the aftermath of a cyber attack.
Ensure you have the appropriate coverage, not too much or too little. Many institutions are securing cyber insurance policies since traditional policies for general liability or basic business interruption may not fully cover cyber risk exposures. Coverage may also be limited and not cover incidents caused by or traced to outside vendors, so be sure to understand your policy.

7. Address cyber vulnerabilities.

Your institution should prioritize identifying and addressing vulnerabilities. The window between vulnerabilities being announced and patches or code becoming available to mitigate them is short. Hackers can use AI to write code to exploit newly discovered vulnerabilities, making it critical to expedite remediation of any potential vulnerabilities. To help your institution stay one step ahead of hackers, apply patches when necessary.

8. Protect your data.

In today’s interconnected world, you should know when a user attempts to share or remove data from your protected network. And as employees work remotely or in a hybrid setting, it is increasingly vital for organizations to have insight into data movement. Data loss prevention (DLP) software allows institutions to control how their data is shared by identifying sensitive information and applying policies to prevent it from leaving the system.

9. Enforce conditional access policies.

Especially with the migration to the public cloud, your organization must know how and when users can access systems and data. Conditional access policies control access to specific systems by requiring certain criteria to be met before a login succeeds. With conditional access policies, your institution can secure its data in the public cloud by requiring users to access it through a virtual private network (VPN).

10. Develop an incident response plan.
Institutions should have an incident response plan (IRP) not only to fulfill regulatory expectations but to have an established, tested process for dealing with cyber incidents. As part of your IRP, ensure employees know their roles and any related messaging. You should also regularly test your IRP to understand how it will function in real scenarios. When testing your IRP, be sure to work through incidents of varying complexity. Institutions often test only one type of incident, but many cyber attacks are complex and comprise several types.

Keep Up with Current Cyber Attacks

When it comes to cybersecurity, your organization cannot afford to be reactive. Deploying multiple layers of security and ensuring your workforce understands the latest threats will go a long way toward mitigating your risk. Watch our on-demand webinar to learn how your institution can stay one step ahead of the latest threats.

Steve Sanders serves as CSI’s chief risk officer and chief information security officer. In his role, Steve leads enterprise risk management and other key components of CSI’s corporate compliance program, including privacy and business continuity. He also oversees threat and vulnerability management as well as information security strategy and awareness programs. With more than 15 years of experience focused on cybersecurity, information security and privacy, he employs his strong background in audit, information security and IT security to help board members and senior management gain a command of cyber risk oversight.