In part 2 of our series on the major cyberattacks of 2023 we'll be examining the attacks on Royal Mail and JD Sports. We'll also take a closer look at one of the largest DDoS attacks ever documented and delve into the havoc caused by the Black Basta ransomware spree.
In April a prominent cryptocurrency platform weathered one of the most potent distributed denial of service (DDoS) attacks ever witnessed, according to Cloudflare. The threat actors unleashed a staggering 15.3 million requests per second. The assault was all the more severe because it was delivered through HTTPS requests rather than plain HTTP: HTTPS requests are more computationally expensive for the target to serve, so the same request rate placed a significantly greater strain on it.
The massive resources deployed to execute this attack suggest that DDoS threat actors are gaining increasingly formidable capabilities. Cloudflare identified approximately 6,000 bots responsible for the attack, capable of delivering up to 10 million requests per second. The traffic originated from 112 countries; Indonesia contributed about 15% of the attack's firepower, followed by Russia, Brazil, India, Colombia, and the United States.
The traffic primarily originated from data centres, signalling a shift by DDoS attackers from residential network ISPs to cloud computing ISPs. Compromised servers on cloud hosting providers, many running Java-based applications, were exploited for the attack, along with a significant number of MikroTik routers, likely exploiting the same vulnerability that the Meris botnet did.
This incident underscores the ongoing cyber security arms race between threat actors and cyber security providers.
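The attack described above is characterised by three things a defender can measure in their own access logs: a request rate far above baseline, traffic spread across many distinct sources rather than one noisy client, and a high share of HTTPS (costlier) requests. The script below is an added example, not code from the original post or from Cloudflare; it runs that check over a constructed, simplified log (timestamp, client address, scheme, method, path) and flags the seconds that look like a distributed flood. The thresholds and the log format are illustrative assumptions.

```python
import re
from collections import Counter, defaultdict

# Simplified line format assumed for this example:
# "<ISO timestamp to the second> <client ip> <http|https> <METHOD> <path>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<ip>\S+) (?P<scheme>https?) (?P<method>[A-Z]+) (?P<path>\S+)$"
)


def build_sample_log():
    """Constructed sample traffic (not real data): quiet seconds either side
    of one second in which 20 addresses each send 3 HTTPS requests."""
    lines = []
    base = "2023-04-01T12:00:0"
    # second 0: light background traffic, mixed schemes
    for i in range(5):
        scheme = "https" if i % 2 else "http"
        lines.append(f"{base}0Z 198.51.100.{i} {scheme} GET /")
    # second 1: 60 HTTPS requests from 20 distinct addresses (3 each)
    for i in range(60):
        lines.append(f"{base}1Z 203.0.113.{i % 20} https GET /api/prices")
    # second 2: background traffic again
    for i in range(4):
        lines.append(f"{base}2Z 198.51.100.{i} https GET /login")
    return lines


def parse_line(line):
    """Return a dict for a well-formed line, or None for anything malformed."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def per_second_stats(lines):
    """Bucket requests by second and summarise rate, source spread and scheme mix."""
    buckets = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec:
            buckets[rec["ts"]].append(rec)
    stats = {}
    for ts in sorted(buckets):
        recs = buckets[ts]
        sources = Counter(r["ip"] for r in recs)
        https = sum(1 for r in recs if r["scheme"] == "https")
        stats[ts] = {
            "rps": len(recs),
            "distinct_sources": len(sources),
            "https_share": https / len(recs),
            # share of the second's traffic sent by the single busiest address
            "top_source_share": sources.most_common(1)[0][1] / len(recs),
        }
    return stats


def flag_flood_windows(stats, rps_threshold=50, min_sources=10):
    """Flag seconds whose rate exceeds the baseline threshold AND whose traffic is
    spread over many sources. A single address at high rate is rate-limited per
    client; a distributed flood needs a different response, so it is reported
    separately. Thresholds are illustrative and would be tuned to a real baseline."""
    return [
        ts
        for ts, s in stats.items()
        if s["rps"] >= rps_threshold and s["distinct_sources"] >= min_sources
    ]


if __name__ == "__main__":
    stats = per_second_stats(build_sample_log())
    for ts, s in stats.items():
        print(ts, s)
    print("flood windows:", flag_flood_windows(stats))
```

In a real deployment the same aggregation would run over a sliding window rather than whole seconds, and the HTTPS share matters because, as the post notes, each encrypted request costs the server more than a plain one, so a flood of a given rate over HTTPS should be weighted more heavily when deciding how early to act.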
In January, the UK's Royal Mail service experienced significant disruption after being hit by a ransomware attack. The attack targeted Royal Mail's international shipping facilities, effectively paralysing the transport of parcels and letters through its multitude of post office branches nationwide and causing huge inconvenience for its customers.
The Russian-linked LockBit ransomware gang claimed responsibility for the attack and delivered a ransom demand of £67 million. Royal Mail refused to pay, with its negotiators branding the amount ‘absurd’.
Steadfast in its commitment not to negotiate with the attackers, Royal Mail categorically refused to capitulate to the ransom demands. This led the unyielding hackers to threaten to publish the hijacked and encrypted data online, an act the hackers claimed would be financially dire for the company and its customers. However, the ransom negotiator dismissed the claim, pointing out that the attacker had clearly misunderstood how the company operated. As a result, the Royal Mail board flatly refused to pay the demanded ransom.
The incident highlighted the importance of businesses not panicking and paying ransoms, as well as using skilled negotiators, when it comes to ransomware attacks. Despite six weeks of disruption to its overseas postal services, Royal Mail got its systems back online in late February. LockBit proceeded to release the information it had stolen onto the dark web but
LockBit has been one of the most active ransomware gangs, responsible for 33% of ransomware attacks in the last six months of 2022, a 94% increase on its 2021 activity.
In January, JD Sports revealed that it had been hit by a cyber attack that leaked the personal and financial data of 10 million of its customers who had made online orders between November 2018 and October 2020. The stolen data included names, addresses, phone numbers, order details and the last four digits of payment cards.
Since announcing the breach, JD Sports has confirmed it will be refreshing its cyber security stack in response to the attack it sustained at the start of the year.
Despite expectations that the company could be hit with a large fine for the data breach, the Information Commissioner's Office (ICO) has told JD Sports that it won’t face any enforcement action as a result of the incident, but has identified areas in which the business must demonstrate improvement.
The Black Basta ransomware gang has become one of the most notorious cybercriminal groups in the world. It has been active since 2022, but in 2023 it has been on something of a spree and has targeted various public and private sector organisations in Europe and English-speaking countries. The Russia-linked gang uses a double extortion technique: it steals and then encrypts its victims' data and demands a ransom for its restoration. If the victims refuse to pay, the gang publishes their data on its dark web blog.
Among its victims was ABB, a Swiss-based automation giant that employs over 100,000 people and reported revenue of $29.4bn in 2022. The gang attacked ABB through its Windows Active Directory in May 2023 and affected hundreds of devices, disrupting its operations, factories and projects. ABB halted VPN connections with clients to prevent further spread of the malware.
The gang also hit several US-based companies in a QakBot-driven campaign in June 2023. QakBot is a banking trojan used by Black Basta affiliates to gain initial access to victim networks and then deploy ransomware almost immediately. The campaign targeted organisations from various sectors, such as healthcare, manufacturing, finance and retail.
If you are worried about any of the threats outlined in this blog or need help in determining what steps you should take to protect yourself from the most material threats facing your organisation, please