Security Stop Press : 2023’s Most Notable Cyber Attacks

Cyber Security News has compiled a list of the top 10 most notable cyber-attacks of 2023, serving as a reminder to businesses that advancements in technology, increased connectivity, and the more sophisticated tactics used by threat actors mean that cyber-attacks are evolving at a rapid pace.

Top of its list is the MOVEit Mass Attack launched by a Russian hacking group which used the MOVEit file transfer software to extort an estimated $75-100 million from 2,667 organisations. The others in the list include Cisco IOS XE attacks, the US government hacked via Microsoft 365, the Citrix Bleed attack, Okta’s customer support data breach, the Western Digital cyber-attack, and the MGM Resorts breach. The list also includes the Royal Ransomware attack on the city of Dallas, the GoAnywhere attacks, and the 3CX software supply chain attack.

Businesses should, therefore, make sure that they are well protected for 2024 from a wide range of common cyber-attack methods, including malware, phishing, distributed denial of service (DDoS), man-in-the-middle (MitM), and many more.

Security Stop Press : Unsecured Printers A Cause Of Cyber Attacks For SMBs

Research from Sharp shows that unsecured printers have been the cause of cyber-attacks for one-fifth of European SMBs, and for one half of public sector organisations.

Despite the office printer being an under-the-radar weak spot for cyber-attacks like phishing, malware, and computer viruses, fewer than a quarter of UK SMBs report educating their employees about either scanner or printer security.
Sharp reports that the most common printer vulnerabilities which lead to the attacks are the use of default passwords, unsecured network connections, and outdated firmware.

The advice to SMBs is to keep software for scanners and printers updated, regularly back up data, and to encourage a consistent security policy across teams working from multiple locations.

Tech News : Cyber Attacks Burn Out Security Experts

A new survey from CyberArk has revealed that increased workloads caused by a surge in cyber threats and attacks have led to 59 per cent of UK senior cyber security professionals facing burnout.

Cyber Crime Levels High 

The results of the survey highlight the growing workload pressure on cyber security professionals because in just the past 12 months alone, a staggering 80 per cent of UK organisations have experienced a ransomware attack, a 10 per cent increase on last year. Also, almost half of those affected (47 per cent) have opted to pay the ransom (at least twice) to enable recovery.

Workload And Other Challenges 

In order to protect businesses from growing threat levels, cyber security teams have, therefore, been required to work long hours whilst facing the challenges caused by the limited budgets and resources that are the result of economic pressures, as well as the challenges of a skills gap and global shortage of cybersecurity professionals. For example, a recent ISC2 report shows that there was a 3.4 million global shortage of cyber security professionals last year, compared with a total cyber workforce of 4.7 million.

Other Supporting Research 

Other research that supports the plight of under-pressure cyber security workers includes a Chartered Institute of Information Security (CIISec) survey that found almost a quarter of security practitioners work more than 48 hours per week, and Gartner research (2023) highlighting how high levels of stress could see nearly half of security leaders switching careers by 2025.

Taking A Break Or Leaving The Profession 

Consequently, even though cyber security professionals need to be performing at their absolute best, they are instead experiencing burnout (according to the CyberArk survey) and are choosing either to take a break from work to concentrate on their wellbeing or to leave the profession, thereby adding to the lack of security professionals in businesses and increasing the vulnerability of those businesses to cyber-attacks.

More Than Two-Thirds Of Senior Decision Makers Affected

CyberArk’s survey shows, for example, that 66 per cent of C-level executives (senior cyber defence decision makers in businesses) feel that they are experiencing burnout, which raises concerns about their ability to deal with the increasing and evolving threats effectively.

For example, as David Higgins, senior director of the field technology office at CyberArk, puts it: “Burnout is alarming in that context, because it impairs the ability to defend their organisation. One wrong decision or missed signal can open the door to reputational and monetary damage for an organisation.”

What Does This Mean For Your Business? 

The findings from CyberArk paint a stark picture for UK businesses, showing the front-line against cybercrime is wearing thin. The apparent burnout epidemic among cybersecurity professionals is not only a health crisis but a strategic business vulnerability. When these specialists are overworked and stressed, their capacity to guard against cyber threats is compromised, and as a result, the risk to business operations, sensitive data, and company finances escalates.

UK companies should, therefore, take immediate steps to prioritise the well-being of their security teams. This means cultivating an environment where work-life balance is possible and supported by management. It also includes re-evaluating workloads to ensure they are sustainable and providing access to mental health resources. These measures may help in maintaining a vigilant and capable cybersecurity workforce.

Equally critical is addressing the shortage of cybersecurity professionals through targeted talent development and diversified recruitment strategies. Training programs and professional development opportunities can be powerful incentives for both recruitment and retention, and can bring in recruits that can grow with the company.

C-level executives (cyber security decision-makers) experiencing burnout themselves need to set the right tone for the organisation’s work culture, for example by openly acknowledging the issue and advocating for sufficient resources. This could (in some measure) help bring the change that reinforces the company’s defence against cyber threats.

Preventing cybersecurity burnout, therefore, is more than a human resources issue and is an essential investment in a business’s operational security. As cyber threats increase, it is clear that protecting the protectors through a compassionate and comprehensive approach to workforce management is not just beneficial but necessary for sustaining business integrity in the digital age.

Security Stop Press : Mass WS_FTP Exploitation Warning

Researchers at Rapid7 have reported a “possible mass exploitation” of vulnerabilities in Progress Software’s WS_FTP Server (a program that enables the upload and download of files to and from a server).

Rapid7 reported that from September 30, it has observed “multiple instances of WS_FTP exploitation in the wild”.

With secure file transfer technologies continuing to be popular targets for attackers, the advice is to update/upgrade to a patched version of WS_FTP Server such as 8.8.2.

Also, those using the Ad Hoc Transfer module in WS_FTP Server who can’t update to a fixed version are advised to consider disabling or removing the module.

Security Stop Press : FraudGPT

Researchers from Netenrich have reported finding “FraudGPT” being sold on the dark web. It’s been described as a subscription-based generative AI tool for creating malicious cyberattacks. It’s been reported that the tool can do anything from writing malicious code and malware to creating phishing campaigns, thereby making advanced attack methods available to even inexperienced attackers, potentially democratising weaponised generative AI at scale.

This highlights the importance, not just of businesses prioritising their cyber defences, but also the need for AI-based defences at the start of what some have described as an ‘AI arms race.’

Security Stop Press : Cyber Attack On Ambulance Patient Records System

A cyber-attack aimed at Sweden-based health software company Ortivus has left several of its UK NHS ambulance service trust users struggling to record patient data.

The affected trusts, including South Western Ambulance Service Trust and South Central Ambulance Service Trust, serve 12 million people.

With electronic patient records unavailable, staff have reportedly been told that efforts to patch servers are ongoing. Ortivus has said in a statement that “No patients have been directly affected”.