Cyberattacks can disrupt organizations at scale. From shutting down production lines to exposing millions of people’s personal data, each incident offers a unique perspective into the attack landscape, attacker playbooks, and defense strategies that fail or thrive under pressure. Learn from these incidents by analyzing the most notable cybersecurity news of 2023, and use them as a guide to improve your organization’s security posture.
The International Criminal Court was impacted by a cyberattack, but it isn’t yet clear whether sensitive data was compromised. The attack was most likely a ransomware-style threat, and the ICC is currently working with authorities to identify the attackers and the impact of the incident.
Boeing suffered a data breach that impacted its parts and distribution business. The attackers used a vulnerability in Citrix software to gain access to systems and exfiltrate 43 gigabytes of information. The company was able to restore services and prevent further data leaks by paying a ransom.
23andMe’s data breach exposed personal data on more than 14 million customers. The company attributed the breach to poor password hygiene, and it has since reset passwords for affected users and added two-step verification.
Rhadamanthys was advertised on cybercrime forums as an information stealer available as a malware-as-a-service alongside other tools like Vidar, Lumma, and StealC. The tool is capable of collecting device and web browser fingerprints, generating screenshots, and performing a remote code execution on endpoints.
APT29 is targeting energy management companies in the US through a spear-phishing campaign that aims to establish persistence and conduct long-term espionage. The attackers are exploiting vulnerabilities in a range of software and devices, including web cameras and DVRs.