Welcome reader to your CybersecurityHQ report.

1. In September, MGM Resorts confirmed a bombshell of a cyberattack. The incident caused system outages across its Las Vegas properties, impacting ATMs, slot machines, and hotel services — all caught on camera and shared widely on social media. The incident remains under investigation almost three months out, with crucial details like data exfiltration still unclear. This followed a 2022 data breach involving 140 million guests.
   

2. The late-December cyber attacks on Iran’s fuel distribution system are another major headline from the past year. Likely caused by government-backed threat actors, the attack saw a staggering 60% of petrol stations reject fuel subsidies given to citizens. The scope and impact of this event make it one of the year’s biggest.
   

3. Probably no cyber attack was as well covered in 2023 as the MOVEit fiasco. Carried out by the Russia-based group Clop, the attack leveraged a flaw in the software to get a hold of confidential data and later ransomed it. The profits came out to a staggering $75-100 million. More than 84 million people’s data was compromised, and at least 2,667 organizations were hit — including the likes of IBM, Cognizant, and many more.
   

4. Early on in 2023, hackers infiltrated Microsoft's email platform, stealing over 60,000 emails from U.S. State Department accounts — focusing on correspondence concerning East Asia and the Pacific. The breach affected 25 organizations within the government, and they were quickly alleged to be the work of the Chinese state. This raised tensions between the two countries and highlighted the importance of cybersecurity in geopolitics.
   

5. A zero-day exploit in Citrix NetScaler ADC and Gateway became a major headline in the cybersecurity world in the second half of 2023. This vulnerability allowed unauthorized session hijacking and bypassing of security measures, implicating governments, universities, healthcare institutions, and more. Although the news spread widely in October, Mandiant observed it as early as August. Citrix has issued patches and advised immediate updates to mitigate the high-risk vulnerability.

2023 reiterated just how important cybersecurity is to private-sector organizations, government institutions, and individuals. The year ahead promises to serve up many more major stories of attacks — and we’ll cover it all here on the CybersecurityHQ report.

For the latest openings in cybersecurity careers, check CybersecurityHQ.

Stay Safe, Stay Secure.

The CybersecurityHQ Team