The MOVEit breach may well have been the biggest cyberattack of the year

MOVEit hack tops the table in a year of devastating cyberattacks

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

It seems the breach of the file transfer serviceMOVEitwas one of the biggest cyberattacks of 2023 - despite it being a year in which a number of dangerous new trends and tactics emerged.

A newreportfrom ESET examined the most significant cyber incidents of the second half of 2023, noting that what made the MOVEit breach unique, aside from its widespread impact, was the fact that noransomwarewas actually deployed by Cl0p, the gang behind the attack.

It also leaked stolen data from victim organizations onto public website, another case of a new tactic being employed by cybercriminals. This was emulated by the notorious ALPHV/ BlackCat ransomware gang, who were also prevalent this year.

Emerging trends

In its report, ESET notes that due to the sheer scale of the MOVEit hack, it was likely too much effort for Cl0p to encrypt every victim it captured. ESET cites figures fromEmsisoftwho estimates the number of affected organizations after six months to be over 2,600.

Victims ranged from government agencies, schools and healthcare, to major firms likeSonyand PricewaterhouseCoopers (PwC).

Another emerging trend for this year has been the rise of attacks involving AI, not surprising given the boom the technology has experienced in the wake ofChatGPT’s public release in November 2022.

Many campaigns have targeted users ofAI toolslike ChatGPT, as well as creating fake domains resembling ‘ChatGPT’ in their wording. Such domains include web apps that use theOpenAIAPI keys in an insecure way, threatening user’s data privacy.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

Also taking this year by storm was the Lumma stealer, which was very successful in stealing crypto wallets. It alone was responsible for a 68% rise in crypto theft this year, accounting for 80% of detections in this sector. The Lummamalwarehas also been stealing credentials and other information, with the total number of Lumma detections tripling between H1 and H2 2023.

And the ever-present Magecart threat, which has been hassling retailers since 2015, still remains strong - in fact it has actually been growing this year. It injects code into unsecure websites to steal information from users, such as their credit card details. The number of detections between 2021 and 2023 rose by 343%.

Jiří Kropáč, Director of Threat Detection at ESET, concludes that “these developments show an ever-evolving cybersecurity landscape, with threat actors using a wide range of tactics.” With the rise of AI and the constantly evolving tactics of threat actors, it looks as if attacks will only worsen going into next year too.

MORE FROM TECHRADAR PRO

Lewis Maddison is a Reviews Writer for TechRadar. He previously worked as a Staff Writer for our business section, TechRadar Pro, where he had experience with productivity-enhancing hardware, ranging from keyboards to standing desks. His area of expertise lies in computer peripherals and audio hardware, having spent over a decade exploring the murky depths of both PC building and music production. He also revels in picking up on the finest details and niggles that ultimately make a big difference to the user experience.

This new malware utilizes a rare programming language to evade traditional detection methods

A new form of macOS malware is being used by devious North Korean hackers

Belkin SoundForm Wired Earbuds with USB-C Connector review: sadly, these live up to their nominal price tag