Cybersecurity Round Up - Summer 2023

As summer draws to a close we are looking back at some of the biggest cyber breaches and security threats from the last few months. From ransomware to zero-day attacks, it has been an eventful time in the cybersecurity world!

In our latest blog, we analyze the most serious breaches, the common themes and share our advice on how to protect yourself against these kinds of attacks.

MOVEit file transfer vulnerability

In May, ransomware group Clop exploited a zero-day vulnerability in the software of file sharing company MOVEit. MOVEit is an accredited file transfer service that is commonly used by government agencies and highly regulated organisations to protect sensitive data. The vulnerability made headlines around the world and affected more than 1,000 businesses and organisations and over 60 million individuals.

The breach enabled the hackers to gain access to the sensitive data of numerous high-profile companies in the UK including British Airways, the BBC and Boots. The vulnerability exposed the personal data and contact details of thousands of employees and, in some cases, national insurance numbers and banking details. In the weeks following the initial breach, the threat actors leaked the names of hundreds of businesses that were exposed.

Electoral Commission data breach

In early August the UK Electoral Commission announced it had been the victim of a cyber attack going back as far as August 2021.

Although they couldn’t conclusively identify which files had been accessed, they revealed the names and addresses of those registered to vote between 2014 and 2022 could have been exposed. During the attack, the email system of the Commission was also accessible.

Barts Health NHS Trust attack

The NHS’s largest trust announced earlier this summer it was investigating a ransomware breach after it appeared on a list of victims published by the ransomware group BlackCat. The group claimed to have stolen 70 terabytes of data from the trust which serves over 2.5 million people in East London. BlackCat stated it was the largest ever healthcare data breach in the UK, but this is yet to be proven.

The Trust was able to confirm that the data of a small number of individuals was published on the dark web. The stolen data is allegedly made up of employee identification documents and internal emails from within the trust.

University of Manchester data breach

In early June, the University of Manchester was targeted by a cyber-attack by an unidentified group. Students and staff members received emails claiming to be from a hacking group issuing a ‘final warning’ and threatening to expose personal data.

After investigating the attack, the University confirmed that the data of some students and some alumni had been copied.

A new strain of ransomware

This summer, a new strain of ransomware popped up calling itself ‘SophosEncyrpt’ - impersonating the cybersecurity firm Sophos. Initially thought to be created by Sophos themselves, it was quickly discovered to be a new type of ransomware-as-a-service.

Ransomware as a service allows organisations and individuals, who don’t have the funds or the means to launch a ransomware attack of their own, to become serious threat actors. RaaS has quickly become a preferred method of attack for many hackers so we expect to see the trend to continue this year.

How to stay protected

These cyber breaches all illustrate the persistent cybersecurity threat faced by businesses and organisations in every industry across the UK. To help you avoid becoming another cybersecurity statistic, the OX IT team have put together our top tips for staying secure:

Install advanced anti-malware software

Installing anti-malware protection across all devices should significantly reduce the threat of all other types of malware. This is an essential line of defence and will give you peace of mind that your data is safe.

Keep software up-to-date

Hackers look to gain access through old or out-of-date software by exploiting vulnerabilities. Staying up to date with patch management and the latest software will minimize weaknesses in your infrastructure.

Staff training

Email phishing is the single largest cause of cybersecurity attacks in the UK. With the right training, most attacks are easy to spot. Promoting vigilance and education amongst staff seriously reduces the number of low-level breaches.

Strict password management

Up to 80% of data breaches involve stolen or weak passwords as the main vulnerability. Never use the same password across more than one account and implement multi-factor authentication on every platform possible.

Back up your data

Valuable data can be lost or destroyed because of a cyber security breach. Making regular backups through the cloud or external storage will reduce downtime in the event of an attack.

To receive all our latest updates follow us on LinkedIn, Facebook and Twitter.