The Worst Cyberattacks in 2023 (so far)

The risk of a cyber attack has escalated with the increasing technological sophistication of the modern world. As attackers constantly develop more intelligent attack methods, their capabilities have expanded massively.

With these advancements, many businesses have suffered catastrophic consequences due to a variety of attacks in 2023. This includes a significant number of organisations in the United Kingdom, where the attacks have caused extensive damage.

This article aims to provide an overview of the worst cyberattacks that have occurred in 2023, so far.

UK Schools Ransomware Attacks Demanding £15M

In January 2023, several news publications reported widespread incidents of ransomware attacks targeting schools across the United Kingdom. The cybercrime organisation "Vice Society" carried out the hacking activities. They first targeted the Los Angeles Unified School District in the autumn of 2022 and then started focusing on UK schools.

During the latter half of 2022, a total of fourteen schools in the UK fell victim to these ransomware attacks. The compromised data included critical information such as student records, passports, contracts, teaching materials, and other sensitive data. Vice Society subsequently leaked this information on the dark web through a website they hosted.

The vulnerability of educational institutions to these attacks can be attributed to the inadequate attention given to their IT infrastructure. Ross Brewer, from SimSpace, stated that educational institutions lack sufficient investment in IT. This vulnerability exposes them to hackers who are solely motivated by financial gain.

The U.S. Cybersecurity Agency states that Vice Society employs the Hello Kitty/Five Hands and Zeppelin ransomware toolkits. However, the specific approach used in these attacks remains undisclosed. These toolkits combine extortion and distributed denial-of-service (DDoS) attacks to target organisations.

Royal Mail Ransomware Attack Resulting in Weeks of Downtime

In January 2023, the national mail service of the United Kingdom, Royal Mail, experienced a devastating ransomware attack. Russian hackers known as LockBit caused a total system shutdown at Royal Mail, forcing the organisation to rely on its physical infrastructure at the start of 2023. The attack damaged Royal Mail's systems and left its data at risk unless the ransom was paid.

Royal Mail responded promptly to the attack by notifying the Information Commissioner's Office and the UK National Cyber Security Centre. They also issued a statement as quickly as possible.

However, the primary challenge faced by the organisation was the total loss of its infrastructure. This led to significant delays and widespread disruption, exacerbating the existing post-Christmas delays. As a result, the company came to a virtual standstill for several weeks.

This incident underscores the importance of having a robust backup system in place to mitigate the impact of a cyber incident. The damage inflicted on Royal Mail's reputation during this period was irreparable and resulted in significant financial losses amounting to millions.

Twitter Data Breach of 200M Users

In 2023, Twitter suffered a large data breach in which the personal information of more than 200 million users was leaked.

The breach details are unclear. Alon Gal, from Hudson Rock, an Israeli cybersecurity company, analysed the leaked data, which was found on an online hacking forum. Gal described it as "one of the most significant leaks" they have ever encountered.

The exact cause of this extensive breach remains uncertain, and determining how it occurred is challenging. However, there are some indications, such as a potential bug in the site's API.

Double Extortion Ransomware Attack of Lagan Specialist Contracting Group

In February 2023, Lagan Specialist Contracting Group, a construction company based in Northern Ireland, experienced an attack. The attack was carried out by the same group that was responsible for the Royal Mail ransomware attack, known as LockBit. Like the Royal Mail incident, the attack on Lagan employed a double extortion strategy. This approach involved both denying service to the victim's servers and breaching their data.

LockBit has attacked many organisations in the UK and Ireland. Some of them had their data leaked on the dark web because they didn't pay the ransom.

10 Million User Data Breach of JD Sports

In January 2023, the UK fashion retailer JD and its affiliated brands, including JD, Size?, Millets, Blacks, Scotts, and Millets Sport, experienced a cyberattack.

The company stated that the attack was "limited," and they expressed confidence that payment data and account passwords remained secure. However, personal information such as names, billing addresses, phone numbers, and order details of approximately 10 million unique customers was compromised.

The origin of the attack remains unclear. Rather than attempting to extort the brand, the attacker chose to copy and leak the data on the dark web. As a result, there is no definitive information available regarding the identity of the attacker or the specific methods employed in the attack.

SD Worx Cyberattack Suspends Services in UK and Ireland

In April 2023, SD Worx UK and Ireland, a large HR and payroll company, was attacked by hackers. Millions of workers from 82,000 companies couldn't get their pay and wages due to the outage.

SD Worx reported detecting malicious activity within their data centre, prompting them to shut down all systems to prevent further damage. This decision resulted in weeks of service downtime, impacting numerous businesses across the United Kingdom.

Little is known about the malicious activity that led SD Worx to suspend its services in the UK and Ireland. However, the attack likely involved a data breach aimed at extracting and leaking data from their data centre.

How to Protect Your Business

Numerous companies have suffered severe consequences from cyberattacks throughout 2023. As technology advances and attacks become more sophisticated, cybersecurity breaches and incidents are receiving more attention.

To protect your business from cyberattacks, it is crucial to implement robust cybersecurity measures. Here are some steps you can take to safeguard your company's data and systems:

  1. Regularly update software and operating systems: Hackers often exploit vulnerabilities in outdated software. By regularly updating your software and operating systems, you can patch these vulnerabilities and reduce the risk of a successful attack.

  2. Use strong passwords and multi-factor authentication: Encourage employees to create complex passwords with letters, numbers, and special characters. Additionally, enable multi-factor authentication for all accounts to add an extra layer of security.

  3. Educate your employees about cybersecurity best practices: Human error is one of the leading causes of cyber incidents. Train your employees on how to identify phishing emails, avoid suspicious links, and report any unusual activity. Regularly remind them about the importance of following cybersecurity protocols.

  4. Back up your data regularly: Protect your important information from cyberattacks with a strong backup plan. Back up your data to an offsite location or cloud storage, and test the restoration process to ensure its effectiveness.

  5. Conduct regular security audits: Regularly assess your network and systems for any vulnerabilities or weaknesses. This can be done through penetration testing and vulnerability scanning. Address any identified issues promptly to minimise the risk of a successful attack.

  6. Create an incident response plan: Set out clear steps to follow in case of a cyber incident. This plan should include procedures for containment, investigation, and recovery. Regularly review and update the plan to adapt to evolving threats.

By implementing these measures, you can significantly reduce the risk of falling victim to a cyberattack. Remember, cybersecurity is an ongoing process, and staying vigilant is key to protecting your business in today's digital landscape.

If you are considering implementing any of these measures within your organisation, we encourage you to reach out to us. Our team of experts is available to assist you in safeguarding your business and implementing appropriate security measures. Additionally, we can provide guidance on strategies to help your organisation recover from potential catastrophes.

Contact ACS today to explore how our services can support and protect your business.

To find out more about the threats your business faces in 2023, download the 2023 SonicWall Cyber Threat Report.