Our Blog

The Ghosts of Cyber Threats Past: Reflecting on 2023

As we bid farewell to 2023, it’s a good time to look back on the biggest cyber security incidents that unfolded over the past year. The digital realm is ever-evolving, with new challenges emerging all the time – alongside innovative solutions. In this blog, we’ll revisit some of the most notable cyber threats and incidents of 2023, and share valuable insights and advice for the future.

Royal Mail’s Ransomware Attack

It was revealed in January that Royal Mail in the UK had fallen victim to a ransomware attack. Their cyber security woes had technically begun in November 2022, when the organisation detected Emotet malware on its servers. The January ransomware attack used LockBit Ransomware-as-a-Service (RaaS), and impacted a distribution centre near Belfast, affecting international deliveries. The National Cyber Security Centre and other agencies were involved, because Royal Mail is recognised as Critical National Infrastructure (CNI). Details of the ransom weren’t revealed at first, but the hackers demanded nearly £65.7 million. When Royal Mail refused to pay, LockBit leaked their discussions online. In November, it was announced that Royal Mail would be spending £10 million on strengthening its cyber defences and reducing the chance of any future attacks.

Infosec K2K Tip: With our Managed SOC services, you can rest easy knowing that someone is watching over your network. Our expert team offers 24/7 protection, and can act quickly and efficiently to deal with any threats to minimise damage.

Supply Chain Sabotage

2023 witnessed a significant rise in supply chain attacks – they’re set to cost the world $60 billion by 2025. These cyber incidents see criminals infiltrating organisations through vulnerabilities in suppliers’ networks, and wreaking havoc up and down the supply chain. Businesses are being urged to adopt more stringent vendor risk management strategies, and regularly assess suppliers’ cyber defences. The biggest supply chain attack of 2023 – and the largest in recent history – was the MOVEit Transfer breach, which affected more than 60 million individuals. Back in May, the Clop ransomware gang exploited a vulnerability in MOVEit Transfer servers, compromising sensitive data belonging to thousands of global organisations. Approximately 83.9% of known victims come from the United States, while 3.6% are from Germany. MOVEit patched the flaw in May, but more and more victims have come forward throughout the year, and the full extent of the breach isn’t yet known.

Infosec K2K Tip: Here at Infosec K2K, we offer comprehensive security assessment services. With our expertise, businesses can identify potential threats within their own network and their supply chain’s network, ensuring resilient and secure cyber defences.

MGM’s Phishing Fiasco

Phishing attacks continued to evolve in 2023, becoming more sophisticated. Traditional cyber security measures are insufficient in the face of these attacks, and employee training is paramount. One of the biggest cyber incidents was at MGM Resorts. The casino chain faced a significant cyber attack in September, which disrupted operations for several days. It affected everything from slot machines to hotel room keys, and compromised customer data. The attack was the result of a phishing scheme orchestrated by the hacking group Scattered Spider. The gang is infamous for its social engineering and ‘vishing,’ or convincing phone calls. The hackers impersonated an employee after finding their information on LinkedIn. They then contacted MGM’s IT help desk to obtain credentials before infiltrating the organisation’s systems. The incident shows that organisations of all sizes can fall victim to cyber threats rooted in human manipulation – 90% of all cyber attacks begin with phishing.

Infosec K2K Tip: At Infosec K2K, we recommend educating your staff on recognising phishing attacks, and conducting simulations and exercises to keep them vigilant. Implementing multi-factor authentication (MFA) can also add an extra layer of protection. IAM assessments are also indispensable, as it was inadequate IAM policies that helped malicious actors compromise MGM’s network. We can help you reduce your attack surface by analysing your access controls and pinpointing any weaknesses.

Zero-Day Dilemmas

The discovery of zero-day vulnerabilities throughout 2023 served as a wake-up call for businesses relying on outdated systems. Businesses should regularly update and patch their software to eliminate potential vulnerabilities. They can stay informed about emerging threats and zero-day vulnerabilities by using threat intelligence services. One of the biggest zero-day vulnerabilities uncovered this year was CVE-2023-27350, a flaw in Microsoft’s PaperCut print management software. The vulnerability allows hackers to bypass authentication procedures and execute code with heightened privileges. Cyber criminals took advantage of this after it was uncovered in April. It was soon linked to a number of ransomware attacks. The cloud security firm Qualys noted the vulnerability had been exploited by “four malware(s), four threat actors, and four ransomware(s).”

Infosec K2K Tip: Infosec K2K has partnered with top cyber security vendors. These vendors, like Qualys and DomainTools, allow businesses to stay ahead of the curve. By integrating their threat intelligence services, organisations can proactively address any new zero-day vulnerabilities and protect themselves against emerging threats.

As we close the book on 2023, it’s evident that the cyber threats of yesterday can shape the defences of tomorrow. It’s important for businesses to learn from cyber incidents that transpired, and fortify their own defences against ever-evolving threats. By reflecting on the ghosts of cyber threats past, we can pave the way for a more secure digital future.

Whatever solution you’re looking for, we can help. The experts at Infosec K2K can offer you specialist guidance, and help you find the product that’s the best fit for you.

Get in touch with us to find out more about how we can help you.

Year-End Cyber Security Checklist: A Gift To Your Business from Infosec K2K

December has arrived, and as the year draws to a close, it’s not just buying gifts and decorating trees that demands your attention. As you prepare for the new year, it’s important to take a moment to assess your cyber security defences. Cyber criminals won’t take time off for the holidays, after all. Here at Infosec K2K, we understand the importance of ending the year on a secure note. That’s why we present to you our Year-End Cyber Security Checklist – a gift to help you prepare for the challenges that lie ahead.

Conduct a Comprehensive Audit

If you want to ensure your networks are as secure as possible, start by taking stock of your current infrastructure. Evaluate existing security policies, procedures, and technologies, and identify any vulnerabilities that may have emerged over the past year. A security audit can give you an understanding of your organisation’s security status and a better idea of what needs to be improved. At Infosec K2K, we can do this for you, by assessing your network and cyber security strategy. With our comprehensive IAM Health Check, our staff will evaluate everything from your user lifecycle management to how well you adhere to regulatory requirements.

Update and Patch Systems Regularly

Outdated software and unpatched systems are low-hanging fruit for cyber criminals, so don’t give them the opportunity to find their way into your network. By ensuring all of your systems – including operating systems, antivirus software, employees’ devices, and applications – are up to date with the latest security patches, you can reduce your organisation’s attack surface. Regularly updating and patching your systems is one of the simplest yet most effective ways of guarding against known vulnerabilities.

Reinforce Your IAM Policies

IAM, or Identity and Access Management, is indispensable for modern businesses because it centralises and secures your users’ digital identities. By allowing businesses to manage user access, IAM ensures only the right individuals have appropriate permissions. You can ensure your employees have the necessary access rights and privileges, and can revoke access for individuals who no longer require it. IAM can add an extra layer of security to your business. If you need help, we’re here. With our IAM Assessments, we’ll find any gaps and offer recommendations.

Educate and Train Employees

Human error remains one of the leading causes of cyber security incidents, so we recommend empowering your employees with cyber security awareness training. Educate them about the methods that cyber criminals are using, the social engineering tactics that you should be on the lookout for, and the importance of strong password hygiene. A well-informed workforce is your first line of defence against cyber threats.

Review Incident Response Plans

No organisation is immune to cyber threats, and having a well-defined incident response plan is essential. In the case of a cyber incident, every minute counts. Despite this, the UK government’s Cyber Security Breaches Survey 2023 revealed only 21% of businesses have a formal incident response plan. We recommend drawing up a plan if you don’t already have one in place. If you do, review and update your plans, taking into account lessons learned from any incidents from the past year. Ensure that your team is prepared to respond quickly and effectively in the event of a security breach.

Engage in Penetration Testing

Consider engaging in penetration testing to simulate real-world cyber-attacks. This proactive approach to cyber security allows you to identify and address any potential vulnerabilities or gaps in your defences before malicious actors can exploit them. We offer a range of security assurance services, including penetration testing and breach and attack simulation modelling. Our expert team will find and mitigate any weaknesses, giving you valuable insights into the effectiveness of your defences and helping you fine-tune your cyber strategy.

Manage Your Cyber Security Alerts

Over half of large businesses receive more than 1,000 cyber security alerts every day. It’s important that these are managed properly, as failing to investigate and respond to them can have severe consequences. At Infosec K2K, our Managed SOC services provide real-time monitoring, threat detection, and incident response. Our expert team ensures that potential security incidents and malicious spoofing attempts are promptly identified and addressed. Our partner, DomainTools, also helps businesses respond to cyber threats promptly and effectively with their domain intelligence services – their cyber security practitioners offer real-time predictive risk scoring for 13 billion domains and IPs.

Stay Informed About Emerging Threats

Finally, we recommend staying up to date with the newest cyber threats. They’re constantly evolving, which means that staying ahead of the curve can help you protect your business. Subscribe to reliable sources and stay informed about the emerging threats and attack vectors you need to watch out for. Keep an eye on our LinkedIn page, for example, as our weekly newsletter rounds up the biggest cyber news stories. Staying on top of these developments can help you proactively adjust your cyber security defences and counter new threats.

As we approach the end of the year, take the time to prioritise your organisation’s cyber security. Following the above advice can help to ensure a secure start for the new year. Remember – cyber security is an ongoing process, and investing in your defences today can pay dividends in the future.
