Hundreds of cyberattacks take place every month, and the increasingly sophisticated tactics of hacking gangs mean organisations large and small are at risk. With ever-evolving hacking techniques, cyberattacks are not only more difficult to predict but also more difficult to remedy.
The growing access to Artificial Intelligence gives attackers high-performance resources to infiltrate systems and adapt to specific contexts and languages, handing them an additional weapon against defenders.
According to research commissioned by Sophos, 94% of 3,000 cybersecurity and IT leaders across 14 countries experienced some form of a cyberattack or security breach in 2022. Around 23% of businesses were victims of ransomware, while other prominent attacks were phishing (27%), data exfiltration (26%) and cyber extortion (24%).
The UK registered the highest number of cyberattacks throughout Europe in 2022, corresponding to 43% of the total across the continent, according to IBM’s latest X-Force Threat Intelligence report.
Tech Monitor has collated ten of the biggest cyberattacks of 2023.
Outsourcing giant Capita fell victim to a significant cyberattack in March 2023, a breach which had huge ramifications across the public and private sectors. The company confirmed that hackers targeted internal Microsoft Office 365 applications, which halted services to several UK clients, such as local authorities based in Barnet, Barking and South Oxfordshire. Capita’s clients include government organisations, like the British military and the NHS, alongside the BBC. Its services are also used by the UK government to manage pension funds for large firms, including Axa and Royal Mail.
Capita said data belonging to 470,000 members of the UK’s biggest pension scheme for higher education, the Universities Superannuation Scheme (USS), might have been stolen during the March cyberattack. “The information potentially accessed includes their title, initials and name, their date of birth, their National Insurance Number and their USS member number,” said a spokesperson for the pension fund at the time. The USS was only informed about the likely breach on 11 May, two months after the original incursion at Capita.
Another 90 companies also reported breaches linked to the Capita cyberattack. Eventually, it was established that the ransomware gang Black Basta was behind these attacks after the organisation posted details of the IT outsourcing provider on its victim blog. It has also emerged that an AWS-hosted cloud storage bucket containing data from Capita clients had been online since 2016, with no password needed. The bucket held over 3,000 files, amounting to over 650 gigabytes of data.
“To be clear, this does not necessarily mean that our data has been identified as exfiltrated,” a message from one of Capita’s pension clients read. “[I]t means that your data was on [Capita] servers from which some data is likely to have been exfiltrated.”
These incidents cost Capita a 16% drop in its share price. The corporation estimated that the attack cost it around £20m to remedy, a reconstruction effort that comprised specialist professional fees, recovery and remediation costs and investment to reinforce its cybersecurity environment.
On 12 January 2023, Royal Mail announced it was the victim of what it described as a “cyber incident” at the hands of the Russian ransomware gang LockBit. The company had to halt its international export services, and delays were observed in national postage services.
This came after the gang had already given an ultimatum to Royal Mail, saying that it would be “the last chance to prevent leaks of [Royal Mail] information. We are ready to make a discount, remove the stolen information and provide a decryptor for $40m,” LockBit wrote. “There will be no more delays, after the timer expires all the data will be released.”
As it turned out, Royal Mail did not pay the ransom, instead choosing to spend £10m on restoring and improving its cyber defences. In the end, the breach made a bad year worse for the postal giant, which posted a half-year loss of £319m.
UK Electoral Commission
In August 2023, the UK Electoral Commission (EC) – the independent body responsible for regulating elections and political finance in the UK – announced that it had been targeted by a “complex cyber-attack”.
The hackers were able to access the EC’s registers, which contained the name and address of anyone who was registered to vote between 2014 and 2022 and those registered to vote in Northern Ireland in 2018. Any information shared through the commission’s online contact form between August 2021 and October 2022 was also accessed during the attack. The EC clarified, however, that the material impact this breach would have on UK elections was low, given that most voting in the country is paper-based.
It remains unclear who was behind this attack, though some publications were happy to speculate that the culprits were headquartered in Russia. It was also revealed in September that the Commission had failed a Cyber Essentials test earlier in the year and that the attackers had first accessed the system in August 2021.
Shaun McNally, then chief executive of the Commission, said in a statement that the agency regretted that “sufficient protections were not in place to prevent this cyber-attack.” He added: “The successful attack on the Electoral Commission highlights that organisations involved in elections remain a target, and need to remain vigilant to the risks to processes around our elections.”
Global automation company ABB fell victim to a cyberattack in May 2023. The criminal group Black Basta attacked the corporation through its Windows Active Directory, compromising hundreds of company devices.
This ransomware attack first became apparent on 7 May, when the company’s operations were halted internally. ABB has not confirmed whether it has paid the ransom, although cybersecurity researcher Kevin Beaumont claimed it did. Private information was nonetheless leaked. Additionally, to prevent criminals from affecting other networks, the company temporarily stopped all VPN connections with its customers.
Black Basta is based in Russia and, since 2022, it has regularly targeted both public and private organisations all around Europe, hitting 90 victims in just over a year, and making more than $100m throughout its operations, according to a Corvus Report. Cybercriminals in general often act via double extortion tactics, which usually see a company’s data encrypted so that the organisation can be compelled into communicating with the gang to reach a deal.
Headquartered in Switzerland, ABB is one of the global leaders in the robotic systems field, employing over 100,000 people. In addition, it works closely with over 40 US-based engineering, manufacturing, research and service facilities operating alongside the US Army Corps of Engineers and Federal Civilian agencies.
Global casinos and hotels giant MGM Resorts had to shut down many parts of its internal network in September following a criminal cyberattack. MGM is the biggest hospitality and casino owner on the Las Vegas Strip, and the several-hours-long shutdown prevented customers from using their digital room keys, slot machines, online reservation systems and more.
After a few hours, the attack was contained and hotels and casino activities were able to function normally.
Still, the cyberattack cost MGM Resorts more than $100m, according to a report from the US Securities and Exchange Commission (SEC). The hospitality firm’s chief executive, Bill Hornbuckle, claimed that no information about customers’ payments or bank details had been compromised. However, he revealed that certain names, contact information, dates of birth, driver’s licence numbers and even some Social Security and passport numbers of customers were obtained by the attackers.
Between December 2022 and January 2023, The Guardian newspaper was the victim of a “highly sophisticated cyberattack involving unauthorised third-party access” to parts of the company’s network, according to an email sent to staff. After a thorough investigation by cybersecurity organisation KnowBe4, it emerged that the attack was caused by an email phishing campaign run by a “third party”, most likely a criminal group whose identity has not been discovered.
Because of this event, staff were forced to work from home for two months as the company attempted to rebuild its systems.
Some staff information was breached, including salaries, bank details and even passport numbers. The Information Commissioner’s Office confirmed this was a case of criminal ransomware, even though The Guardian has not paid the ransom.
In February, malware infiltrated 14,000 WordPress sites via infected adverts. These ads then redirected users to counterfeit question-and-answer pages created to improve the digital reach of the attacker’s sites.
The malware imitated URL-shortening services like bit.ly, redirecting the victim to the wrong place rather than the one they clicked on. The peculiar aspect of this attack is that the criminals intended to build SEO authority on Google, via a technique called black hat SEO.
A Sucuri report stated: “Attackers are often found promoting spam for pharma, easy writing services, knock-off products or, in this case, fake Q&A sites […] attackers are using Google search result links in their redirects.”
This black hat SEO affected wp-settings.php, wp-mail.php and wp-signup.php, which are the portals with the most access to WordPress infrastructure.
On 28 October, the UK’s national library was hit by a ransomware attack claimed by Rhysida, a group already known for similar cyberattacks on the Chilean Army and the University of the West of Scotland.
The British Library’s internal data has been stolen, leaked and put up for sale with a starting bid of 20 Bitcoin, equivalent to £591,000 at the time of writing. The last information to date – published by the British Library on 8 December – stated that the library is “continuing to experience a major technology outage,” and that while their buildings remain functioning, many online and onsite services are “still unavailable”.
As the library is a public body dependent on UK government funds, it is most likely that the ransom has not been paid, which could explain why Rhysida put the data up for sale.
Researchers and academics have been – and continue to be – directly impacted by the incident, as they have not been able to access all the library’s resources. A spokesperson for the British Library said: “We anticipate restoring more services in the next few weeks, but disruption to certain services is expected to persist for several months.”
Last but not least, the MOVEit cyberattack is widely regarded as the biggest data hack of the year. In May 2023, a vulnerability in the app was exploited by the ransomware group Cl0p, which was able to steal data from over 2,600 organisations worldwide, according to Emsisoft.
Impacted sectors include education, healthcare and finance, with victims ranging from the United States Department of Energy to British Airways and the BBC. However, the impact of the attack is yet to be determined as more victims continue to be revealed and most companies are still conducting investigations.
MOVEit Transfer is a software product specialising in automated file transfers of sensitive information and is widely used by the public sector in the UK and the US, including major government agencies.