Cyber Security For Businesses | A Review Of 2023 – Technologist

Welcome to the latest edition of the Cybersafe Cyber Threats, a weekly series in which we bring attention to the latest cyber attacks, scams, frauds, and malware including Ransomware, to ensure you stay safe online.

This week, we are sharing the cyber attacks which had the most impact on businesses throughout 2023. If you listen to our podcast, you will also be able to hear the team discuss these attacks in more detail, as they list and explain which factors have contributed to derailing some of our country’s largest organisations and institutions. By keeping up with these threats you are likely to be able to implement the right protocols to enhance cyber security for businesses around the world.

Royal Mail Cyber Attack – Still paying for it

In January 2023, Royal Mail experienced a significant cyber attack when it fell victim to the LockBit ransomware, a group associated with Russian criminals. The attackers demanded a substantial ransom for the decryption key, but Royal Mail refused to comply. Consequently, the hackers threatened to publish the stolen and encrypted data online. The ransomware severely disrupted international deliveries, prompting the organisation to advise customers to seek alternative carriers.

The attack persisted for weeks and impacted Royal Mail’s computer systems for dispatching international deliveries. The ransom note indicated a demand in the millions, emphasising the seriousness of the situation. As a crucial part of the UK’s infrastructure, Royal Mail’s inability to send overseas letters and parcels had broader implications, affecting domestic and international communications and businesses.

Ransomware attacks pose an ongoing threat globally, and this incident underscored the vulnerability of critical national infrastructure to such cyber threats. The investigation revealed the LockBit ransomware’s solid Russian connections, though the actual perpetrator’s location remained uncertain.

The National Crime Agency, in collaboration with the National Cyber Security Centre, worked to understand the attack’s impact. Despite efforts to address the issue, Royal Mail continued to experience delivery disruptions, adding to the organisation’s challenges in recent months, including strikes by postal workers over pay and conditions.

If you listen to the Neuways Cybersafe podcast, we are able to help C-suite level executives implement their own cyber security for businesses. Our advice, tips and easy-to-understand overview and analysis of Cyber Security helps clients and business owners to better understand cyber security.

—

Cyber-attack on UK’s electoral registers revealed

In August 2023, the UK Electoral Commission disclosed a significant cyber attack involving “hostile actors” who gained access to the electoral registers, compromising the personal information of approximately 40 million individuals. The breach included unauthorised access to servers containing emails, control systems, and reference copies of electoral registers from 2014 to 2022, affecting both domestic and overseas voters. The compromised data encompassed names, email addresses, home addresses, telephone numbers, and additional personal information submitted via web forms or emails.

The Electoral Commission, having failed a Cyber Essentials audit around the time of the attack, revealed the incident publicly in August 2023. Despite the breach being discovered in October 2022, the commission delayed disclosure to secure systems, assessed the extent of the incident and implemented enhanced security measures. The attack, described as “very sophisticated,” did not impact election outcomes or alter registration statuses. While the accessed personal data did not pose a high individual risk, there were concerns about potential profiling combined with other public information.

The commission undertook steps to fortify its systems against future cyber attacks, updating login requirements, alert procedures, and firewall policies. The Information Commissioner’s Office initiated an urgent investigation into the data breach, emphasising the need for a comprehensive inquiry. Analysts highlighted the seriousness of the violation, emphasising the attackers’ patient and skilled approach, indicative of a probing operation seeking vulnerabilities in the UK’s democratic process. The incident raised concerns about the security of electoral systems and reinforced arguments against adopting e-voting in favour of traditional pen-and-paper methods.

Interested in making your business less vulnerable to cyber security threats? Become Cybersafe and implement cyber security for businesses with Neuways.

—

Threat actors compromised MGM Resorts

In September 2023, MGM Resorts International experienced a devastating cyber attack orchestrated by a criminal group known as Scattered Spider (aka Roasted 0ktapus, UNC3944, or Storm-0875). The attack, executed through a sophisticated social engineering tactic, resulted in MGM Resorts shutting down its operations temporarily. As a global hospitality and entertainment giant with a $110 million (£89.6 million) impact, MGM Resorts’ scale far surpassed that of small and medium-sized businesses.

The attackers, affiliated with AlphV, claimed to have compromised MGM Resorts’ Okta environment and infiltrated the Okta Agent servers. They exploited this access to identify vulnerable passwords, forcing MGM Resorts to shut down its Okta servers. The threat actors also boasted about possessing super administrator privileges in the company’s Azure tenant.

AlphV, suspected of collaborating with Scattered Spider, had previously targeted Caesars Entertainment, a rival Las Vegas hotel and gaming company, in a social engineering attack that led to the theft of customer data. This incident follows a trend revealed by Okta, which had disclosed similar social engineering attacks just two weeks prior.

To protect against social engineering attacks, businesses must be vigilant in recognising phishing attempts, implement robust multifactor authentication (MFA), and educate employees about potential threats. Okta, the service provider affected in this attack, emphasised that while there was no compromise of its systems, it was actively assisting MGM Resorts in restoring normal operations.

The Cyber security and Infrastructure Security Agency (CISA) confirmed its collaboration with MGM Resorts to address the incident. At the same time, researchers from Mandiant revealed that Scattered Spider often employs SMS phishing techniques to target help desks and manipulate multifactor authentication.

In response to the evolving threat landscape, organisations are urged to stay informed about mitigation recommendations provided by cyber security experts at Neuways and remain proactive in securing their systems against social engineering tactics, which continue to pose a significant risk to businesses of all sizes. Become Cybersafe with Neuways.

—————————————————————————————————————————–

Contact Neuways to help your business become

Cybersafe

If you need any assistance with cyber security to become Cybersafe, then please contact Neuways and we will help you where we can. Just get in touch with our team today.