Happy New Year everyone! 2023 has just begun and the cyber criminals haven’t wasted any time in getting busy attacking businesses and organisations.  

This week’s observation from our Incident Response Team  

As the New Year gets under way, we thought it’d be a good idea to list the most likely targets for criminal activity in 2023.  

Targets will include the Internet of Things (IoT) and the growing number of devices and systems it controls, as well as mobile devices, which are increasingly targeted by malicious apps, phishing, and other types of attacks.  

Supply chain attacks, where criminals exploit flaws in vendors’ systems to gain access to their clients’ networks, will also continue to be a threat. Remote work and the blending of personal and corporate devices on domestic networks will also provide opportunities for attackers to use social engineering or other tactics to gain a foothold in networks.  

Finally, with AI and machine learning tools increasingly available to the masses, we may see criminals begin to use AI and machine learning to inform their attacks.  

Phishing, ransomware, and other common forms of cyber-attack will continue to be a threat in 2023. While employee training and awareness are important, they are not enough to protect organisations from these cyber threats. Businesses should try to drive behavioural change alongside implementing robust security measures.  

Further reading: Planning your Risk Strategy for 2023: 4 things to consider 

Vulnerabilities 

It is likely that in the coming year we will see some significant cyber incidents and data breaches resulting from unpatched Citrix vulnerabilities that were only addressed late in 2022. Specifically, thousands of unpatched Citrix ADC and Gateway deployments are at risk from the authentication bypass vulnerability CVE-2022-27510 and the remote command execution vulnerability CVE-2022-27518. These vulnerabilities can allow attackers to gain unauthorised access, bypass login protections, and take control of devices. It is crucial that organisations apply the patches released to address these vulnerabilities as soon as possible in order to protect their systems. 

Here’s a roundup of the cyber security incidents that have made headlines this week. 

New report shows the NHS is the most impersonated government organisation  

A new report released by the National Cyber Security Centre (NCSC) this week revealed that the National Health Service (NHS) is the most impersonated government organisation in the UK. Following on from the Covid-19 pandemic and current headlines regarding the NHS, it’s little surprise that cyber criminals choose to impersonate the organisation in phishing campaigns.  

The NCSC also revealed that TV Licensing, Gov.uk, Driver and Vehicle Licence Agency (DVLA), HM Revenue & Customs and the energy regulator Ofgem were all highly impersonated. As the cost of living crisis bites, we can expect to see an increase in malicious emails, texts and other phishing attempts impersonating these agencies. With energy bills and financial concerns high, threat actors will seek to take advantage. You can read our guide on phishing here.  

Guardian newspaper offices still closed due to Ransomware attack fallout 

During the holiday season, while many were taking time off, cyber criminals were hard at work. One notable example was the suspected ransomware attack on the Guardian newspaper. The attack, which was reported on December 21st, had a significant impact on the company’s technology infrastructure and led to staff being told to work from home. The restoration of all IT systems is expected to take several weeks. This incident highlights the ongoing threat of ransomware and the need for organisations to have robust security measures in place to protect against these types of attacks.  

LockBit ransomware gang apologises, blames partner group for attack on SickKids children’s hospital 

The notorious LockBit ransomware group, known for its extortion attacks, issued a formal apology for an attack on Canada’s largest children’s hospital. In a message that highlights just how large and how well organised the gang is, the group claimed that the attack was carried out by a now-blocked affiliate and released a decryptor for the victim to use to recover their encrypted files. This rare apology may suggest that there’s some dissent among the group’s members over which organisations are ‘valid’ targets. Healthcare organisations have been increasingly targeted by ransomware attacks, with several high-profile incidents occurring in 2022, including attacks against the NHS and the ongoing fallout of the 2021 ransomware attack against the Health Service Executive of Ireland (HSE).  

Twitter breach exposes the information of 235 million users 

Wednesday saw a significant data leak revealed in the media. According to cyber intelligence company Hudson Rock, the details of approximately 235 million Twitter users were discovered on an online hacker forum. The data dump includes user names, email addresses, screen names, follower numbers and some phone numbers. Such a leak could lead to a significant rise in targeted phishing and further highlights the need for organisations to better protect the personal information of their users.  

If you are worried about any of the threats outlined in this bulletin or need help in determining what steps you should take to protect yourself from the most material threats facing your organisation, please contact your account manager, or alternatively get in touch to find out how you can protect your organisation. 