The Worst Cyberattacks in 2023 (so far)

Business Insights
20/09/2023

The threat of a cyberattack is a threat that has only risen as the modern world has become more technologically advanced. With new attacks becoming more intelligent and powerful, the capabilities of attackers have risen tenfold.


Because of these advancements, a range of attacks has led to catastrophe for many businesses throughout 2023 — lots of organisations throughout the United Kingdom have been hit by crippling cyberattacks, many of which have caused prolific levels of damage.


In this article, we're going to go over the details of what happened in the worst cyberattacks of the year, so far.


UK Schools Ransomware Attacks Demanding £15M

In January 2023, several news publications reported widespread incidents of ransomware attacks targeting schools across the United Kingdom. The cybercrime organisation "Vice Society" carried out the hacking activities.


During the latter half of 2022, a total of fourteen schools in the UK fell victim to these ransomware attacks. The compromised data included critical information such as student records, passports, contracts, teaching materials, and other sensitive data. Vice Society subsequently leaked this information on the dark web through a website they hosted.


The vulnerability of educational institutions to these attacks can be attributed to the inadequate attention given to their IT infrastructure. Ross Brewer, from SimSpace, stated that educational institutions lack sufficient investment in IT. This vulnerability exposes them to hackers who are solely motivated by financial gain.


The U.S. Cybersecurity Agency states that Vice Society employs the Hello Kitty/Five Hands and Zeppelin ransomware toolkits.


Royal Mail Ransomware Attack Resulting in Weeks of Downtime

In January 2023, the national mail service of the United Kingdom, Royal Mail, experienced a devastating ransomware attack. Russian hackers called LockBit caused a total system shutdown for Royal Mail. This made the organisation use its physical infrastructure instead during the start of 2023. The cyber attack on Royal Mail's systems caused damage and put their data at risk unless they paid the ransom.


Royal Mail responded promptly to the attack by notifying the Information Commissioner's Office and the UK National Cyber Security Centre. They also issued a statement as quickly as possible.


However, the primary challenge faced by the organisation was the total loss of its infrastructure. This led to significant delays and widespread disruption, exacerbating the existing post-Christmas delays. As a result, the company came to a virtual standstill for several weeks.


This incident underscores the importance of having a robust backup system in place to mitigate the impact of a cyber incident. The damage inflicted on Royal Mail's reputation during this period was irreparable and resulted in significant financial losses amounting to millions.


10 Million User Data Breach of JD Sports

In January 2023, the UK fashion retailer JD and its affiliated brands, including JD, Size?, Millets, Blacks and Scotts, experienced a cyberattack.


The company stated that the attack was "limited," and they expressed confidence that payment data and account passwords remained secure. However, personal information such as names, billing addresses, phone numbers, and order details of approximately 10 million unique customers were compromised.


The origin of the attack remains unclear. Rather than attempting to extort the brand, the attacker chose to copy and leak the data on the dark web. As a result, there is no definitive information available regarding the identity of the attacker or the specifics of the attack.


SD Worx Cyberattack Suspends Services in the UK

In April 2023, SD Worx UK and Ireland, a big HR and payroll company, were attacked by hackers. Millions of workers from 82,000 companies couldn't get their pay and wages due to the outage.


SD Worx reported detecting malicious activity within their data centre, prompting them to shut down all systems to prevent further damage. This decision resulted in weeks of service downtime, impacting numerous businesses across the United Kingdom.


Not much is known about the bad activity that made SD Worx stop their services in the UK. However, the attack likely involved a data breach aimed at extracting and leaking data from their data centre.


How to Protect Your Business

Numerous companies have suffered severe consequences from cyberattacks throughout 2023. As attacks become more advanced, cybersecurity breaches and incidents are getting more attention due to technological advancements.


If you are looking to improve your security posture within your organisation, we encourage you to reach out to us. Our team of experts is available to assist you in safeguarding your business and implementing appropriate security measures.


Contact us today to explore how our services can support and protect your business.


Visit https://www.acs.co.uk/ Email info@acs.co.uk or Call 0207 952 5001