Get a rundown of the big hacks of 2023, the emerging threats we can expect next year and how to stay safe. Make online security a priority in 2024.
Now that the year is ending, it’s a good time to reflect on the notable threats we faced from cybercriminals during 2023, as these hold many clues about what we can expect going forward.
Cybercrime is evolving
As cybersecurity experts, our aim is always to understand and learn as much as we can about cybercrime trends, and the emerging and established ways threat actors make our online environment vulnerable.
Intelligence is everything when it comes to online threats: it lets us prepare the best defence possible and keep an eye on the new tools we need as technology, and the ways of breaching our online security, become more advanced.
The big attacks of 2023
Some of the organisations affected by threat actors this year may be familiar to you. You, or someone you know, may have even been affected by the incident personally. The point is – cybercrime is no longer something that just ‘happens to other people’, it’s happening on your virtual doorstep every minute of every day.
The Guardian
This one began in 2022 with a phishing email to a member of staff. Although the outside world, and customers of the newspaper, were unaffected, there was internal turmoil and staff were requested to work remotely to allow systems to be disconnected. Internal comms tools were also affected.
The Guardian cyber attack has since been described as a ‘close call’. Staff had to use manual procedures during the sophisticated attack, which allowed unauthorised third-party access to the network and to staff information.
Royal Mail ransomware attack
It took over a month for the organisation to recover from this ransomware attack, which was first noticed when Emotet malware was detected on Royal Mail servers. Servers later began printing the cybercriminals’ ransomware demands as part of an attack using LockBit Ransomware-as-a-Service (RaaS).
The attack mostly affected international deliveries, and the Royal Mail published an incident bulletin at the time, but important information about RaaS LockBit has since been learnt. Just like a non-criminal business, RaaS providers advise their customers on how to avoid capture and continuously update their software. Attacks such as these are complicated to investigate and to bring successfully to any conclusion.
MOVEit
It’s thought that 2000 organisations and 60 million individuals were affected by MOVEit falling victim to an attack that enabled cybercriminals to obtain sensitive information. MOVEit is a file transfer platform designed to transfer and transport data securely.
This was a ‘supply-chain attack’, as the weakness was exploited where the organisation’s main activity takes place, allowing the perpetrators to steal data from MOVEit transfer databases. The issue has since been patched, but it took many months and many experts to achieve.
UK Electoral Commission
In August this year, the Electoral Commission issued a public notification that approximately 40 million people’s personal data had been exposed in a security breach, including home addresses, names, telephone numbers and webform contents that contained other items of personal information.
A whistleblower told the BBC that the Commission had failed a Cyber Essentials audit, and investigations discovered there was an unpatched server, which was vulnerable at the time of the attack.
The Cyber Essentials scheme is the UK government programme, run with the National Cyber Security Centre, that helps organisations enact five security controls to maintain an absolute minimum of security.
Emerging trends of cyberattacks
The rise of RaaS (Ransomware-as-a-Service) is in strong evidence, which makes it easier for less skilled criminals to launch ransomware campaigns, since they’re supported in their efforts by RaaS providers.
Supply-chain attacks are also emerging as a significant trend, as cybercriminals seek to exploit whole networks which are interconnected. Stronger cybersecurity throughout these ecosystems should be a priority.
And, as businesses continue to utilise the cloud environment, attackers will continue to exploit vulnerabilities, such as insufficient encryption and misconfigurations, highlighting the need for comprehensive monitoring and management.
Proactive cybersecurity strategies
Cybercriminals never stand still in their use of technology and their ability to enact ever more sophisticated threats, so our need to be ‘security-first’ becomes increasingly crucial.
Vulnerability and penetration testing, employee training, monitoring and configuration management must all be employed to remain as safe as possible in a vulnerable online operating environment.
We can help you put the most robust forms of cybersecurity measures in place, as well as obtain Cyber Essentials accreditation. Get in touch with our cybersecurity experts to find out more and get your online security sorted out for 2024.