Recent Major Cyberattacks in USA

1. Change Healthcare (Feb 2024) – $22M Ransom Paid
  • What Happened: ALPHV/BlackCat ransomware gang breached the largest U.S. healthcare payment processor, disrupting pharmacy claims nationwide for weeks.
  • Impact: Exposed patient records of 1 in 3 Americans; parent company UnitedHealth paid ransom.
  • Lesson: Critical infrastructure providers must segment networks and patch or disable remote access tools exposed to flaws such as Citrix Bleed (CVE-2023-4966).

2. Microsoft Email Breach (July 2023) – China-Linked Espionage
  • Attackers: Chinese state group Storm-0558 hacked 25+ organizations (including U.S. government email accounts) using forged Azure AD tokens.
  • Aftermath: Led to White House executive order mandating MFA for all federal systems.
  • Defense Tip: Enterprises should enforce hardware-bound FIDO2 keys instead of SMS/email 2FA.

3. MGM Resorts (Sept 2023) – $100M Casino Shutdown
  • How: Scattered Spider gang used vishing (voice phishing) to trick IT staff, deploying ransomware.
  • Cost: $100M+ in losses from slot machines, bookings, and IT recovery.
  • Trend: Social engineering attacks now target help desks with fake employee calls.

4. Xfinity (Jan 2024) – 36M Users Exposed
  • Cause: Exploit of Citrix NetScaler vulnerability (CVE-2023-4966) let hackers steal hashed passwords.
  • Response: Forced password resets; lawsuits filed for delayed disclosure.
  • Action: Patch internet-facing systems within 48 hours of critical CVEs.

5. LoanDepot (Jan 2024) – 16.6M Mortgage Records
  • Attack: ALPHV ransomware encrypted data, then double-extorted by leaking sensitive documents.
  • Aftermath: Customers faced mortgage fraud risks; the FBI advises against paying ransoms.

Emerging Threats (2024)
  • AI Voice Cloning: Scammers mimic CEOs/family members to wire funds (FBI reports $2.9B in losses in 2023).
  • OT Attacks: Water plants, factories targeted via unsecured IoT devices (see CISA Alert AA24-109A).
  • Supply Chain Bombs: Malware hidden in software updates (e.g., the 2023 MOVEit breach).

How to Stay Protected
✅ For Individuals:
  • Freeze credit at Experian if impacted by breaches.
  • Use YubiKey or Google Authenticator for 2FA (disable SMS).
✅ For Businesses:
  • Isolate backups from main networks (ransomware now targets backups first).
  • Conduct tabletop exercises using CISA’s