It’s been a busy first half of the year for the cybersecurity sector. The threat landscape remains increasingly volatile and organizations live in constant fear of becoming the latest victims of a major security breach.
In this edition of our Cyber Threat Briefing, our team of experts has picked out three cyberattacks that have hit the headlines in recent weeks. Here they offer their thoughts on the impact of each incident and what organizations can do to avoid becoming the victim of a similar attack.
European Infrastructure under attack from Russian hackers
The UK’s National Cyber Security Centre (NCSC) has warned that Russian-aligned cyber groups are a growing threat and are looking to target critical infrastructure in the West. Although not under the formal control of Moscow, these groups are motivated more by ideology than money and surfaced after Russia invaded Ukraine.
These groups are largely made up of activists who have no specialist cyber skills but want to support a nation-state’s objectives, and they focus on distributed denial-of-service (DDoS) attacks. For example, in January 2023, seven Danish banks and the Danish central bank were targeted by a Russian hacktivist group known to be aligned with the Russian government. The attack was made possible by vast numbers of people signing up to take part in a DDoS attack and directing large amounts of traffic at the banks’ websites, which ultimately caused them to crash.
Before the outbreak of the war, attacks of this type were not very common. However, since the invasion, it’s believed Russia is responsible for launching thousands of cyberattacks against Ukrainian and Western targets.
Oliver Dowden, the Chancellor of the Duchy of Lancaster, recently addressed the CyberUK conference in Belfast and said these pro-Russian groups have begun focusing their efforts on the UK. As a result, the NCSC has issued an official threat alert to the UK’s critical businesses. The alert warned that activities are becoming less predictable than normal because the groups are not subject to formal state control.
As geopolitical tensions continue to rise, it’s imperative to ensure your critical infrastructure is protected. How can you achieve this? Awareness is key. Understand the current cybersecurity landscape, know what attacks are happening and which parts of businesses hackers are targeting. This will help strengthen your defenses and your ability to respond to an attack.
It’s really important to understand what normal looks like. The ability to spot abnormalities is critical.
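One way to turn “know what normal looks like” into a concrete check for the volumetric traffic described above, as an added example that is not part of the original briefing: requests per minute in a web access log are compared against a baseline, and a minute is flagged when it is far above the baseline mean, with the number of distinct source addresses reported alongside (a flood from many volunteer participants shows up as many sources). The log format, IP addresses and timestamps below are constructed sample data, not from any real incident.

```python
import re
import statistics
from collections import defaultdict

# Matches the start of a Common/Combined Log Format line: client IP and timestamp.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3})')


def bucket_by_minute(lines):
    """Return {minute: (request_count, distinct_source_ips)} for parseable lines."""
    counts = defaultdict(int)
    sources = defaultdict(set)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:  # skip malformed lines rather than crashing the check
            continue
        minute = m.group("ts")[:17]  # '10/Jan/2023:09:05' (seconds and zone dropped)
        counts[minute] += 1
        sources[minute].add(m.group("ip"))
    return {k: (counts[k], len(sources[k])) for k in counts}


def flag_anomalies(baseline_lines, current_lines, z_threshold=3.0):
    """Flag minutes whose request count exceeds the baseline mean by z_threshold std devs."""
    base_counts = [c for c, _ in bucket_by_minute(baseline_lines).values()]
    mean = statistics.mean(base_counts)
    stdev = statistics.pstdev(base_counts) or 1.0  # flat baseline: avoid division by zero
    alerts = []
    for minute, (count, distinct) in sorted(bucket_by_minute(current_lines).items()):
        z = (count - mean) / stdev
        if z > z_threshold:
            alerts.append({"minute": minute, "requests": count,
                           "distinct_ips": distinct, "z": round(z, 1)})
    return alerts


def _line(ip, ts):  # constructed sample log line (Common Log Format)
    return f'{ip} - - [{ts} +0000] "GET /login HTTP/1.1" 200'


# Constructed baseline: three quiet minutes, four requests each, from three addresses.
BASELINE = [_line(f"198.51.100.{i % 3 + 1}", f"10/Jan/2023:09:0{m}:{s:02d}")
            for m in range(3) for i, s in enumerate(range(0, 60, 15))]
# Constructed current window: one normal minute, then 40 requests from 40 sources.
CURRENT = ([_line(f"198.51.100.{i % 3 + 1}", f"10/Jan/2023:09:04:{s:02d}")
            for i, s in enumerate(range(0, 60, 15))]
           + [_line(f"203.0.113.{i + 1}", f"10/Jan/2023:09:05:{i % 60:02d}") for i in range(40)])

if __name__ == "__main__":
    for alert in flag_anomalies(BASELINE, CURRENT):
        print(alert)
```

The threshold and the one-minute bucket are starting points; in practice the baseline should cover the same hours and days of the week as the window being checked, since normal traffic is itself cyclical.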
GoDaddy subject to a multi-year cyberattack
All-in-one website builder and domain registrar GoDaddy has admitted it was the victim of a multi-year cyberattack. Hackers stole source code and installed malware on GoDaddy servers. The attack was identified in December 2022 when customers reported that their sites were being used to redirect visitors to random domains. However, it soon became apparent that bad actors had had access to the company’s servers for several years.
GoDaddy, which hosts more than 84 million domain names, said that previous breaches, disclosed in March 2020 and November 2021, were also linked to this campaign. The 2021 data breach affected 1.2 million Managed WordPress customers after attackers used a compromised password to breach GoDaddy’s hosting environment. Hackers obtained the email addresses of all impacted customers, their WordPress admin passwords, SFTP and database credentials, and the SSL private keys of a number of active clients.
This leads to the question: is shared hosting a good thing? It’s often seen as a cost-effective solution for small businesses and gives them a degree of control over their own web services. However, for organizations with large amounts of sensitive data, shared hosting is a risk because it’s difficult to segregate access controls.
Furthermore, after a breach of this scale, how does an organization regain the trust of its customers? The first step is to assess the damage caused and how long it will take to clean up. It’s important to understand what has been compromised, how much integrity has been lost, and what action needs to be taken to isolate the problem. Secondly, following the attack, implement regular baseline checks to truly understand what normal activity looks like across your environment.
Ensure plans and procedures have been stress tested. This could significantly reduce the time it takes to recover from a security breach.
Reddit security breach – a lesson in good communication
The popular internet forum Reddit was the victim of a sophisticated phishing campaign in February this year. The company announced that hackers had stolen employee login details and accessed the platform’s internal systems. However, there was no evidence to suggest that users’ passwords or any other credentials had been compromised.
What sets this attack apart is that the employee identified and disclosed the scam as soon as it happened, which meant Reddit’s internal security team could deal with the issue quickly and efficiently. Also, Reddit was extremely open in its communication with users, which isn’t always the case when attacks such as this happen.
Reddit disclosed a lot of information about the incident and offered users the chance to ask questions about what had happened. This demonstrates a good security culture within the organization and, critically, it gives the customer base confidence.
Phishing has become highly targeted and sometimes even tailored to the individual. Good security culture can limit the damage caused by this approach.
Have the right cybersecurity tools
With so many attack vectors, it’s never been so important to put cybersecurity tools in place to protect your organization. It’s crucial to implement a security strategy that has more than one layer of defense in place.
Implement access controls such as multi-factor authentication and make awareness training mandatory for all employees. These simple steps could prevent bad actors from causing long-term damage to your organization’s infrastructure and reputation.