June 1, 2023, updated 09 Jun 2023 1:00pm

The biggest cyberattacks of 2023 so far

Cyberattacks are a daily reality for businesses, and even the biggest names across multiple industries are not immune.

By Silvia Pellegrino

Hundreds of cyberattacks take place every month, and the increasingly sophisticated tactics of hacking gangs mean organisations large and small are at risk.

Research commissioned by Sophos shows 94% of 3,000 cybersecurity and IT leaders across 14 countries experienced some form of a cyberattack or security breach in 2022. Around 23% of businesses were victims of ransomware, while the most popular types of attack were phishing (27%), data exfiltration (26%) and cyber extortion (24%).

The year 2023 has seen various cyberattacks already, most of them being ransomware. (Photo by Skorzewiak/Shutterstock)

Tim Hollingsworth, a senior cybersecurity engineer at software company Fusion Risk Management, says: “It seems like the list of types of malware is an ever-growing one, but a few big ones stand out. It feels as though we don’t go a week without hearing about a new ransomware attack that is taking over a city or business.

“Viruses and macro malware are the next big types that come to mind, especially macro malware, as, for instance, employees might not think twice about allowing that macro to run when opening a document, without realising that it contains malicious code.”

The UK registered the highest number of cyberattacks throughout Europe in 2022, corresponding to 43% of the total across the continent, according to IBM’s latest X-Force Threat Intelligence report.

Tech Monitor has collated ten of the biggest cyberattacks of 2023 so far.


Capita

Outsourcing giant Capita fell victim to a significant cyberattack in March 2023 which has had big ramifications across the public and private sectors. The company confirmed that the breach affected internal Microsoft Office 365 applications, which halted the services to several UK clients, such as local authorities based in Barnet, Barking and South Oxfordshire. Capita’s clients also include government organisations, like the British military and the NHS, alongside the BBC.

Capita said data on 470,000 of the Universities Superannuation Scheme (USS)’s members might have been stolen during the March cyberattack. It is the biggest pension scheme for universities and higher education institutions in the UK. 


A pension fund spokesperson said: “We were informed on Thursday 11 May that regrettably details of USS members were held on the Capita servers accessed by the hackers. The information potentially accessed includes their title, initials and name, their date of birth, their National Insurance Number and their USS member number.”

In addition, up to 90 companies have also reported breaches due to the Capita cyberattack. The Information Commissioner’s Office (ICO) told Tech Monitor that it has been “receiving a large number of reports from organisations directly affected by these incidents”.

Since the reports were received, it has been established that the ransomware gang Black Basta was behind these attacks, as the criminals posted details of the company on their victim blog. It has also emerged that an AWS-hosted cloud storage bucket containing data from Capita clients had been online since 2016, with no password needed. The bucket held over 3,000 files, occupying over 650 gigabytes.

“To be clear, this does not necessarily mean that our data has been identified as exfiltrated, it means that your data was on [Capita] servers from which some data is likely to have been exfiltrated,” a message sent to the corporation’s pension clients read.

These incidents cost Capita a 16% drop in its share price. The corporation expects costs of around £20m, comprising specialist professional fees, recovery and remediation costs and investment to reinforce Capita’s cybersecurity environment.

Royal Mail

On 12 January 2023, Royal Mail announced it was the victim of what it described as a “cyber incident” at the hands of the Russian ransomware gang LockBit. The company said: “Royal Mail is experiencing severe service disruption to our international export services following a cyber incident.” While overseas shipping was halted, national postage had some minor delays too.

Services resumed two months later, but at the end of February 2023, the criminals released data belonging to Royal Mail’s staff in order to pressure the company to pay its ransom. 

This came after the gang had already given an ultimatum to Royal Mail, saying that it would be “the last chance to prevent leaks of [Royal Mail] information. We are ready to make a discount, remove the stolen information and provide a decryptor for $40m,” LockBit wrote. “There will be no more delays, after the timer expires all the data will be released.”

LockBit’s leader is “really upset that [Royal Mail] didn’t pay”, says Jon DiMaggio, chief security strategist and ransomware researcher at Analyst1. “He wants them to pay,” DiMaggio said. “He feels that the organisation has the money but spends it unwisely and that they should pay him instead. That was something that he said in one of the criminal forums.”

WH Smith

In the March WH Smith cyberattack, hackers managed to access and leak sensitive employee information from the retailer. No other data was accessed, however, as customer accounts were stored on a different system, WH Smith said at the time.

“WH Smith PLC has been the target of a cyber security incident which has resulted in illegal access to some company data, including current and former employee data,” the company said in an alert issued to the London Stock Exchange. The accessed information included employee names, addresses, national insurance numbers and dates of birth. 

It came less than a year after WH Smith was hit by another cyberattack, which forced the greeting card company Funky Pigeon, owned by the retailer, to go offline as a precaution. It had to contact all customers it had dealt with in the previous year to notify them, but no data breach or leak occurred.


ChatGPT

On 20 March, 1.2% of ChatGPT Plus subscribers were targeted during a nine-hour-long outage where their payment-related data was stolen.

Co-founder and CEO Sam Altman tweeted: “We had a significant issue in ChatGPT due to a bug in an open source library, for which a fix has now been released and we have just finished validating. A small percentage of users were able to see the titles of other users’ conversation history. We feel awful about this.” 

An OpenAI spokesperson wrote: “In the hours before we took ChatGPT offline, it was possible for some users to see another active user’s first and last name, email address, payment address, the last four digits of a credit card number, and credit card expiration date. Full credit card numbers were not exposed at any time.”

Officials took the application offline after they found a bug in an open-source library, which is what ultimately allowed the users to see other users’ information. 


ABB

Global automation company ABB fell victim to a cyberattack in May 2023. The criminal group Black Basta attacked the corporation through its Windows Active Directory, compromising hundreds of company devices.

This ransomware attack first became apparent on 7 May, when the company’s operations were halted internally. So far, it has not been specified whether ABB paid a ransom, or whether there even was one; however, private information was leaked. Additionally, in order to prevent criminals from affecting other networks, the company temporarily stopped all VPN connections.

Black Basta is based in Russia and, since 2022, it has regularly targeted both public and private organisations all around Europe, hitting 44 victims in just a year, according to a Trend Micro Report. Cybercriminals in general often act via double extortion tactics, which usually see a company’s data encrypted so that the organisation can be compelled into communicating with the gang to reach a deal. 

Headquartered in Switzerland, ABB is one of the global leaders in the robotic systems field, employing over 100,000 people. In addition, it works closely with over 40 US-based engineering, manufacturing, research and service facilities operating alongside the US Army Corps of Engineers and Federal Civilian agencies.


Lacroix

The cyberattack against Lacroix, which happened in May, caused the company’s virtual infrastructure to be encrypted. It also forced Lacroix to close three out of eight sites around the globe for a week, since they could not function without the digital component. In particular, the company’s manufacturing centre in Beaupréau, a German site in Willich and a factory in Zriba were targeted. These three factories were responsible for 19% of the company’s total sales in 2022.

Like in ABB’s case, it is also unclear whether a ransom has been paid or even demanded. 

The Guardian

Between December 2022 and January 2023, The Guardian newspaper was the victim of a “highly sophisticated cyberattack involving unauthorised third-party access” to parts of the company’s network, according to an email sent to staff. After a thorough investigation by cybersecurity organisation KnowBe4, it emerged that the attack was caused by a phishing campaign via email, which tricked one of the employees into giving away access details.

Because of this event, the Guardian staff was forced to work from home for two months as the company attempted to build its systems back. 

Some staff information was breached, including salaries, bank details and even passport numbers. The Information Commissioner’s Office confirmed that this was a case of criminal ransomware, even though The Guardian has not paid the ransom.


WordPress

In February, malware infiltrated 14,000 WordPress sites via infected adverts. These ads then redirected users to counterfeit question-and-answer pages created to improve the digital reach of the attacker’s sites.

The malware imitated URL-shortening services, redirecting the victim to the wrong place rather than the one they clicked on. The peculiar aspect of this attack is that the criminals’ intention was to build SEO authority on Google, via a technique called black hat SEO.

A Sucuri report stated: “Attackers are often found promoting spam for pharma, easy writing services, knock-off products or, in this case, fake Q&A sites […] attackers are using Google search result links in their redirects.”

This black hat SEO affected wp-settings.php, wp-mail.php and wp-signup.php, which are the portals with the most access to WordPress infrastructure. 

Virgin Media 

Ireland’s Virgin Media television network took notice of an unauthorised attempt to access its servers in February, which impacted several TV channels. As Ossian Smyth, Ireland’s minister of state, described, this has been a “major hack”.

This cyberattack’s consequences affected the network extensively, especially programming on Virgin Media Three, Four, More and VMTV. Later in the day, Virgin Media did share that the security breach had been contained and extinguished.

A report showed that the frequency of cyberattacks in Ireland has increased by 26% year-on-year. Even if this particular event did not affect the UK, Virgin Media was the victim of another cyber crime in 2020, when the data of 900,000 customers were exposed.


Reddit

In February, Reddit confirmed that hackers invaded its code and got their hands on internal documents via a successful phishing attack. This caused the information of hundreds of current and former employees to be leaked, as well as some advertiser and financial data. Reddit CTO Christopher Slowe described it as a “sophisticated and highly targeted phishing attack”.

The phishing campaign compelled some employees to access a page which copied the company’s intranet portal. The criminals made it very realistic and authentic-looking, Slowe said. Even if only successful for one employee, the attack caused hundreds of files to be exposed.

None of these documents or information was enough to damage the system or the site since the victim reported it immediately and Reddit’s cyber security team was able to shut the attack down quickly. 
