Cyber Chronicles 2023: Epic Recap of the years Hacks, "Heroes", and Showdowns!
As 2023 draws to a close, it's time to reflect on a whirlwind year in cybersecurity! From $100 million-dollar hacks, unexpected twists - when threat actors turn 'good guys' - and the heated showdown between a notorious ransomware gang and the FBI!
#5 Cyber Criminals + Ethical Code?
Kicking off our list with an intriguing event: LockBit Ransomware Gang, known for its ominous activities, shocked many by apologizing for a cyberattack on a children's hospital. I do have an affinity for LockBit. While the gang is no doubt a dangerous cybercrime operation, they often exhibit a peculiar sense of humor, even daring individuals to get tattoos of their logo (story for another day). This ransomware group operates as Ransomware as a Service (RaaS), similar to a criminal franchise. The primary group owners build and maintain the ransomware code then offer its use to affiliates of the group in exchange for a portion of the ransom profits. This method of ransomware distribution has gained popularity recently as it allows less experienced criminals the opportunity to carry out ransomware attacks, and primary code owners the benefit of profit without all the leg work.
Surprisingly, some of these ransomware groups, including LockBit, enforce ethical boundaries for their affiliates. Early in the year it was reported that a LockBit affiliate violated this code by targeting SickKids Hospital in Toronto, an action deemed unethical due to the potential life-threatening consequences of disrupting critical hospital systems. In response to the affiliate's attack against the hospital, the leaders of LockBit expelled the affiliate, provided a free decryption key allowing the hospital to unlock their systems, and publicly apologized.
This unexpected gesture highlights an unusual side of cybercrime – bad actors displaying a sense of conscience towards sensitive institutions like children's hospitals
#4 MGM Suffers $100-Million Dollar loss, Chaos Ensues
On September 11th, MGM Resorts, a major casino chain, reported a significant 'cybersecurity issue' impacting several of its systems. What followed were days of uncertainty for many guests. MGM's properties' websites went offline, guests were unable to access their rooms due to digital keys not working, ATMs, slot machines, electronic payment systems, and online reservations were all disrupted. Guests reported experiencing fire alarms sounding in the dead of night, and elevators ceased to function forcing guests to walk 20+ flights to their rooms. It was later discovered that this 'cybersecurity issue' was, in fact, a full-blown ransomware attack. Suspicions pointed towards the youth criminal group Scattered Spider and the notorious ransomware gang AlphV as the perpetrators behind the attack. How did they get in? According to researchers, Scattered Spider employed highly effective social engineering tactics to manipulate a help desk worker into providing login credentials. Armed with these credentials, the hackers gained access to the network and proceeded to deploy their ransomware. To add insult to injury, MGM informed its customers that hackers had not only disrupted service but had also gained access to some of the guests' data, including names, contact information, date of birth, gender, driver's license, and even social security numbers. This incident serves as a stark reminder of the delicate and interconnected nature of our digital world, showcasing how swiftly chaos can unfold from just a call to the helpdesk gone wrong.
#3 Uber Systems breached by an 18 year old
In 2023, Uber faced a cybersecurity breach initiated by an 18-year-old hacker who infiltrated various systems, including Uber's Amazon Web Service console, VMware virtual machines, Google Workspace admin dashboard, and Slack communications channels. Using Slack access, the teen messaged multiple employees telling them that their employer had been breached. Initially employees had taken it as a joke before realizing the severity. Shortly after realizing the severity, Uber posted they were experiencing a cyber incident on their social media platforms.
The intrusion by a teenager into such a massive transportation network raised questions: How did this happen? The answer was surprisingly simple: MFA Fatigue. Multi-Factor Authentication (MFA) usually enhances access security by requiring additional steps, like confirming a login through a prompt or code. However, MFA fatigue involves attackers bombarding users with "is this you?" prompts until they grant access out of frustration.
Fortunately for Uber, the attacker's intent seemed more mischievous than malicious. Nevertheless, this incident highlights the importance of robust security measures and ongoing user training to combat such tactics efficiently.
#2 Samsung's Self Inflicted Data leak
In the quickly evolving landscape of AI integration, the inadvertent disclosure of sensitive corporate data among Samsung employees in early April 2023 highlighted the intricate risks associated with AI platforms like ChatGPT. Samsung employees unwittingly exposed critical company information when using ChatGPT for business function, including essential source code used in semiconductor equipment measurement.
The challenge arises from ChatGPT's underlying mechanism as a Large Language Model (LLM) AI algorithm, which absorbs and learns from user inputs. Although designed with privacy measures, ChatGPT combines user-generated content into its vast dataset, potentially influencing subsequent AI-generated responses. Consequently, there exists a tangible risk where confidential data inputted into ChatGPT might inadvertently surface in subsequent AI-generated outputs, highlighting the nuanced challenges surrounding data privacy and security in AI environments. Samsung has since banned the use of AI since the incident.
Personally, I think more conversations are needed around AI and use cases. I'm not sure how long companies will get away with simply "banning" AI rather than proper evaluation and safe implementation.
#1 FBI vs Black Cat, Cyber showdown
Concluding our list, we dive into a high-stakes confrontation between the FBI and Black Cat, the second most prolific ransomware gang in the world. Black Cat is a Russian based ransomware gang who have gained a staggering $300 million from 1,000 global victims. In December 2023, after months of monitoring and utilizing over 900 Tor sites, the FBI executed a bold move, seizing control of the gang's dark web site and displayed a 'seizure' notice. Their efforts also lead to obtaining a decryption key allowing multiple victims to recover systems and saved an estimated $68 million in unpaid ransoms—an undeniable win.
However, the battle didn't end there. Black Cat swiftly regained control of their website, replacing the FBI's notice with an audacious 'Unseized' declaration. They retaliated by asserting that the FBI's intrusion would cost 3,000 victims the chance to recover their data. Moreover, in a disturbing turn, the gang announced the removal of restrictions, openly allowing attacks on hospitals and critical infrastructures, except those in Russia or the Commonwealth of Independent States. "Because of their actions, we are introducing new rules, or rather, we are removing ALL rules except one, you cannot touch the CIS [a common restriction against attacking organizations in Russia or the Commonwealth of Independent States]. You can now block hospitals, nuclear power plants, anything, anywhere."
Black Cat had also posted on their website that they will be offering affiliates a staggering 90% profit to encourage existing members and entice new recruits. As of this writing, the FBI had regained website control, both parties have the private key to the site, the owner will be determined by whoever is the latest to publish, and the battle continues. With Black Cat's perilous reputation and their revised operational guidelines, the new year promises a gripping saga in the world of cybercrime.
As we draw to a close on this captivating chronicle of the years cyber incidents, we've journeyed through a realm where the virtual meets the visceral. From the audacious actions of ransomware gangs to the unexpected twists of hacker ethics, each narrative has unveiled the multifaceted nature of cyber warfare. We witnessed a ransomware group's unexpected apology to a children's hospital, a teenager's breach of ethical boundaries, and a showdown between the FBI and a notorious ransomware gang. These tales paint a vivid picture of a world where lines between good and evil blur in the digital abyss.
Sources
https://www.justice.gov/opa/pr/justice-department-disrupts-prolific-alphvblackcat-ransomware-variant