Cyber Attacks and Data Breaches in Review: January 2023

Welcome to our latest monthly review of cyber attacks and data breaches. We found 104 publicly disclosed security incidents during the month, which accounted for 277,618,767 million breached records.

As ever, you can find the full list of security incidents on our sister site. In this blog, we look at the most notable headlines across Europe.

24 Hours of Le Mans Virtual event suspended amid security breach

The 24 Hours of Le Mans Virtual race is among the world’s most popular esports events, but this year’s event was mired in controversy amid a series of cyber attacks.

Like its real-life counterpart, the virtual race attracts some of the biggest names in racing, including back-to-back Formula 1 World Champion Max Verstappen, as well as racing veterans Romain Grosjean and Felix Rosenqvist.

The race was suspended on multiple occasions after the servers used to host the event were targeted by cyber criminals.

Although contestants, organisers and eager spectators were no doubt frustrated by the incident, few people were more upset by the attack than Max Verstappen. He was leading the race by over a minute before being disconnected multiple times, and by the time the disruptions ended he had fallen back to 17th position.

He eventually climbed back to 14th place but, still two laps behind the leaders, he decided to quit.

“This is the last time I am ever participating […] Honestly it’s a joke, you can’t call this an event. Clown show,” he said afterward.

“It’s just a shame for everyone in the team because we all wanted to do well here and then you get this. I think I’m going to uninstall the game. That’s nice. Frees up a bit of space on the PC anyway. I hope everyone uninstalls the game.”

It was initially unclear what caused the disruptions, which led to delays of well over an hour, with initial reports suggesting that it was a technical failure.

As The Comeback wrote during the race: “Technology doesn’t always work as we want it to all the time. You have hundreds of people from all around the world participating, in addition to broadcasting the race, and sometimes issues happen from time to time.”

However, the race organisers later described the incident as a “suspected security breach”, indicating that it was a coordinated cyber attack.

The nature of the delays indicates that the race was targeted with DDoS (distributed denial-of-service) attacks. These attacks aren’t ‘breaches’ in the way you might typically consider them, as perpetrators don’t gain unauthorised access to sensitive information.

NortonLifeLock hit by credential-stuffing attack

The antivirus software and identity theft protection firm NortonLifeLock confirmed in January it had been targeted by cyber criminals.

According to Norton’s disclosure statement, the attack didn’t result from a breach of Norton’s own IT environment. Rather, a cyber criminal used credentials that they had purchased from the dark web in an attempt to log in to Norton customer accounts.

“Our own systems were not compromised. However, we strongly believe that an unauthorized third party knows and has utilized your username and password for your account,” Norton said.

The organisation detected “an unusually large volume” of failed login attempts on 12 December 2022, indicating that users were being targeted in credential-stuffing attacks.

Credential stuffing refers to the practice of using lists of previously exposed usernames and passwords to access other sites.

The technique works because many people reuse their login credentials on multiple sites. If one account is compromised, attackers can use the information elsewhere.
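
As an added example (not from the original article or from Norton), the sketch below shows how a defender might tell this pattern apart in login logs: a credential-stuffing source tries many accounts once or twice each, whereas a brute-force source hammers a single account. The log format, thresholds and function names are assumptions, and grouping by source IP is a simplification.

```python
import re
from collections import defaultdict

LINE_RE = re.compile(r"^(\S+) result=(ok|fail) user=(\S+) ip=(\S+)$")

def build_sample():
    """Constructed log lines; the format is an assumption for this example."""
    t = "2022-12-12T10:00:{:02d}Z result={} user={} ip={}"
    lines = []
    for i in range(8):  # one guess at each of 8 accounts, one of which succeeds
        res = "ok" if i == 3 else "fail"
        lines.append(t.format(i, res, f"user{i}@example.com", "203.0.113.5"))
    for i in range(6):  # six guesses at a single account
        lines.append(t.format(10 + i, "fail", "admin@example.com", "198.51.100.7"))
    for i, res in enumerate(["fail", "fail", "ok"]):  # a user mistyping a password
        lines.append(t.format(20 + i, res, "carol@example.com", "192.0.2.10"))
    return lines

def parse(lines):
    """Yield (result, user, ip) for each well-formed line; skip the rest."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            yield m.group(2), m.group(3), m.group(4)

def classify_sources(lines, min_users=5, max_tries_per_user=2.0, min_guesses=5):
    """Label each source IP by the shape of its failed logins."""
    fails = defaultdict(lambda: defaultdict(int))  # ip -> user -> failures
    for result, user, ip in parse(lines):
        if result == "fail":
            fails[ip][user] += 1
    verdicts = {}
    for ip, per_user in fails.items():
        users = len(per_user)
        tries = sum(per_user.values()) / users
        if users >= min_users and tries <= max_tries_per_user:
            verdicts[ip] = "credential_stuffing"  # many accounts, few guesses each
        elif users == 1 and tries >= min_guesses:
            verdicts[ip] = "brute_force"  # one account, many guesses
        else:
            verdicts[ip] = "normal"
    return verdicts

def accounts_to_reset(lines):
    """Accounts that logged in successfully from a stuffing source."""
    bad = {ip for ip, v in classify_sources(lines).items() if v == "credential_stuffing"}
    return sorted({u for r, u, ip in parse(lines) if r == "ok" and ip in bad})
```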

Customers’ full names, phone numbers and mailing addresses are thought to have been exposed in the incident. The attackers might also have had access to Norton Password Manager users’ private vault data, which contains stored passwords for other online accounts.

Gen Digital, the parent company behind NortonLifeLock, confirmed that the breach began on 1 December 2022 and that all affected accounts have since been secured. However, it’s unclear what damage the cyber criminals were able to inflict before the vulnerability was closed.

Air France and KLM notify customers of account breaches

Air France and KLM recently confirmed that their customers’ personal data was compromised in a cyber attack.

The incident affected people who use Flying Blue, a loyalty programme that enables people to gain points for travelling.

“Our security operations teams have detected suspicious behavior by an unauthorized entity in relation to your account. We have immediately implemented corrective action to prevent further exposure of your data,” the airlines said in a notification to customers.

KLM’s official Twitter account confirmed the attack, but the airline said it was confident “that the attack was blocked in time and no miles were charged”.

Despite this, the airline invited customers to change their passwords for their Flying Blue account. This undermines their assurance that nothing was affected.

Likewise, its notification specifically mentioned that customers’ names, email addresses, phone numbers and recent activity may all have been compromised.

Affected customers were also warned that their accounts had been locked due to the breach, and that they were not only invited to change their passwords but were actually required to.

It appears, then, that the breach was more significant than KLM initially suggested. Just how damaging it was remains to be seen.

Are you prepared for a cyber attack?

If you’re facing a cyber security disaster, IT Governance is here to help.

Our Emergency Cyber Incident Response Service provides the support you need to deal with the incident, as our experts guide you through the recovery process.

They’ll review the breach, mitigate the damage and ensure that you are up and running again as soon as possible.
