As we enter March 2023, the world continues to face a surge in cyberattacks that threaten individuals, businesses, and government agencies. The last month has already witnessed some of the most significant cyber incidents, including data breaches and ransomware attacks that have impacted millions of people and organizations worldwide.
As the threat landscape continues to evolve, it is crucial to understand the nature of these cyberattacks, their implications, and the measures taken to mitigate their impact.
This blog post will look closely at some of the major cyberattacks in February 2023.
Threat Actors Stole the Source Code of GoDaddy for 3 Years
31M Indians Are at Risk of Identity Theft
RailYatri, an Indian Railways ticketing platform, experienced a data breach due to a misconfigured Elasticsearch server which was open to the public without a password or other security authentication. A cybersecurity expert discovered the issue in February 2020 and reported it to RailYatri, which initially denied ownership of the data. The server had over 700,000 logs with over 37 million entries.
The company called Indian Computer Emergency Response Team in 2020. After that, they managed to secure the data. However, on February 16, 2023, a new leak post was made on a hacker forum. The leaked data include email addresses, full names, genders, phone numbers, locations, and 37,000 invoices, which could expose users to identity theft and phishing.
Cloudflare Blocks Record-Breaking DDoS Attack Targeting Websites on its Platform
Israeli university Technion hit by DarkBit ransomware group demanding $1.7M
Technion Institute of Technology, a leading research university in Israel, has been hit by a cyberattack launched by a new ransomware group called DarkBit. The attack has caused the Institute’s websites to be inaccessible.
The attackers left a ransom note demanding $1.7 million and promoting anti-Israel messaging, while the university blocked all communication networks in response to the attack.
The incident is currently under investigation, and while the attack may impact the university’s cyber systems, campus operations continue as usual.
Ransomware Attack Affects Over 3M Patients in California
Several medical groups in California have informed over three million patients that threat actors may have stolen their sensitive health and personal data in a ransomware attack that occurred around December 1, 2022.
Regal Medical Group, Lakeside Medical Organization, ADOC Medical Group, and Greater Covina Medical were among the Southern California healthcare organizations affected.
The US Department of Health and Human Services is investigating the incident, which impacted 3,300,638 individuals.
The stolen information included patients’ social security numbers, addresses, diagnosis and treatment information, laboratory test results, prescription data, and more.
Ransomware gangs often target healthcare facilities because they assume they will pay the ransom, and it is unclear who is responsible for this attack.
Reddit Falls Victim to Phishing Attack, Leading to Unauthorized Access Of Internal Systems
On February 5, Reddit was attacked with a phishing scam, which allowed unauthorized access to internal systems, code, and documents.
In the phishing attack, attackers redirected an employee to a fake website resembling Reddit’s intranet portal to obtain their credentials and 2FA tokens. An attacker accessed Reddit’s internal systems with that employee’s credentials.
Weee! Food Delivery Service Suffers Data Breach Exposing 11 Million Customer Records
The personal information of 11 million Weee! food delivery service customers were exposed to a data breach.
On February 6, the data was leaked by the threat actor “IntelBroker” on a breach forum. Weee! reported that the breach did not include payment information but exposed details such as names, email addresses, phone numbers, device operating system, order notes, dates, and delivery types of customers who ordered between July 12, 2021, and July 12, 2022.