Date: 23 May 2023
The first half of 2023 isn’t even close to over yet. But we’ve already seen enough cyber attacks that could fill pages till the end of the year. It’s true that cybersecurity capabilities and the technology to beat advanced criminals is evolving rapidly. But unfortunately, the sophistication and agility of hackers is improving at a faster rate.
In this blog, we are turning the spotlight on some of the biggest (in our opinion) cyber attacks, data breaches and ransomware attacks that made news in the first four months of 2023. These attacks, may or may not be, the 5 biggest ones of the year. But they're definitely amongst the ones you should know about.
Some experts suggest that Cyber Crime is the cause of the greatest transfer of wealth in the history of the world. Cybersecurity Ventures predicts that the cost of cyber attacks will reach an estimated $10.5 trillion annually by 2025.
It’s important to note here that the cost of cyber attacks refers to a cumulation of expenses. These include but are not limited to:
- The cost of data loss and recovery.
- The cost of data that has been damaged and/or tampered with.
- Stolen money.
- Money lost in payment of ransomware (though this is never recommended).
- Lost productivity due to disrupted operations.
- Damage to intellectual property.
- Cost of recovering from stress and the impact on employees’ mental health.
- Cost of investigation and forensics.
- Restoration of data and affected systems.
- Cost of recovering from the reputational damage that cyber-attacks cause.
- Cost of fines or regulatory fees if applicable.
The primary reason for highlighting these attacks is to press upon the fact that there is an urgent need for a shift in corporate mindset. Cybersecurity can no longer be viewed as an after-thought. Long gone are the days when it figured last on the list of priority items. Management teams can no longer believe that they must first establish the business, enter new markets, conduct extensive PR activities and then worry about cybersecurity.
Getting your cybersecurity processes and procedures right from the very start is now critical. It must go hand-in-hand with every other important business activity if those activities have to be protected from disruption.
If you don’t have any cybersecurity artefacts or emergency cyber incident response plans in place, it’s not too late. You can hire specialists like our Virtual Cyber Assistants. They can work with you flexibly and remotely over the long term to help you build a sound cybersecurity maturity. You should at least have the basic, minimum assurance that if you were attacked tomorrow, you could potentially bounce back from it - with the least possible disruption.
Recent Cyber Attacks in 2023:
1. DDoS Attacks on German Airports: This string of attacks started with a supposed IT failure at Germany’s largest carrier Lufthansa. Thousands of passengers were left stranded as about 200 flights were grounded due to an IT outage. Lufthansa initially issued a statement saying the outage was caused by damaged broadband cables accidentally cut on the railway line during construction work.
Pro-Russian gang Killnet, however, took responsibility for the attack. They said they bombarded Lufthansa’s network with a three-million-requests-per-second DDoS attack. Supposedly, the attack was in retaliation for Germany’s support for Ukraine.
Following closely on the heels of the Lufthansa outage, websites of more airports in Germany went offline. These included the popular airports of Dusseldorf, Nuremberg, and Dortmund.
A hacker group that calls itself “Anonymous Russia” took responsibility for the cyber attacks on seven German airports.
As per some estimates, more than 2,300 flights were cancelled and all of Germany was cut off from international air traffic. Speaking of the intangible costs of cyber crime, one can only imagine what the stranded passengers, the airline crew and staff went through.
The infamous ALPHV ransomware group then took responsibility for the attack. They also posted samples of Sun Pharma’s data on their leak site, claiming they had over 17 TB of the pharma giant’s data.
While Sun Pharma initially denied the ransomware attack having any significant impact on their business or core operations, a filing to the stock exchange revealed that the attack did have an impact on the company’s business operations and revenue.
3. Royal Mail: This ransomware attack made a huge splash in the media and for good reason. It affected the daily life of several common people as well as small to medium businesses.
Royal Mail was hit by a ransomware attack in January 2023. The international shipping of parcels and letters came to a standstill. The attackers, LockBit ransomware, made a huge ransom demand which the organisation obviously refused to pay. But the attack did debilitate operations at the 500-year old organisation.
Read all about this major ransomware attack in 2023 in our detailed RoyalMail Attack Timeline.
In March, the loan giant announced that a cyber criminal stole an employee's login to breach two of the company's service providers holding customer data. Initially, Latitude Financial stated that data of 3,28,000 customers was compromised. It later said the affected customer number was actually a whopping 14 million and customers in both Australia and New Zealand were affected.
This information included names, full addresses, emails, dates of birth and even passport numbers. This is the largest known theft of data from an Australian financial organisation.
5. All India Institute of Medical Sciences: Another Indian name on the list but unfortunately this one severely impacted the delivery of healthcare services to the common man.
All India Institute of Medical Sciences or AIIMS New Delhi is one of the foremost and largest government healthcare institutions in the country. 5 of its servers were allegedly impacted by a recent ransomware attack. This apparently led to encryption of 1.3 TB of patient data and forced hospital operations to run manually.
If you are concerned about your ability to handle a cyber-attack or ransomware attack, reach out to us today. Our highly-experienced Cybersecurity Consultants can help you achieve your desired cybersecurity goals within a time-frame that suits your organisation.
In the meanwhile, here are some handy, printable resources created by our experts which you can start implementing in your organisation right away:
- Ransomware Readiness Checklist - 9 steps you can take today to be better prepared for a ransomware attack on your organisation.
- Ransomware Response Checklist - An easy-to-follow, non-technical checklist on what to do right after you’ve been attacked.
- Ransomware Response Workflow - A no-nonsense, visual workflow that can really come in handy when you’re under a ransomware attack.
