It is no surprise that 2021 saw a vast number of cyber attacks targeting UK businesses. Although these attacks used some novel methods, the end goal is usually the same – generate as much income as possible for the cybercriminals. In this article we’ll focus on five cyber attacks that may not have come to your attention and show you how you can protect your business as we move into 2022.
1. UK VoIP providers targeted by denial of service attacks
Throughout this year, many UK-based VoIP telephone providers have been targeted by distributed denial of service (DDoS) attacks as part of attempted large-scale racketeering. The criminals persistently flooded the targeted companies’ networks with huge volumes of data, forcing their websites and other infrastructure offline. The criminals then attempted to extort the companies for around £500,000 each year in order to stop the attacks from occurring. This type of attack can be extremely damaging to any company, and especially to VoIP providers, as customers rely on their availability in order to be able to make calls.
Penetration testing is a very useful service to defend against these attacks, as it can identify devices and systems that are particularly vulnerable to denial of service. A second defence is to deploy a DDoS mitigation service, which recognises the source of the attack and filters it out.
2. SPAR Convenience Stores Ransomware Attack
Early in December, the SPAR chain of convenience stores became the latest victim in a long list of ransomware attacks. By encrypting huge swathes of information on SPAR’s network, the cybercriminals were able to prevent SPAR staff from working and disable till systems so that debit and credit card payments could not be made. Ransomware is considered the single greatest cyber security threat to all organisations, as it can completely stop the business functioning until the data can be restored from backups. The most sophisticated criminal groups are even employing experts who are versed in the main backup systems used by companies, in order to try to destroy the backups. This gives the criminals significantly more leverage to force a ransom payment to be made.
Ransomware requires a defence-in-depth approach to mitigate, but the single best method is to use an XDR system, such as Falanx Triarii, which is able to detect and block ransomware attacks as they occur.
3. Tesco Website Disrupted
Tesco’s main website was disrupted by a cyber attack earlier this year. The attack caused the website and app to be down for two days. E-commerce sites rely heavily on the availability and functionality of their website, and the attack demonstrates how even large businesses can be affected by a cyber attack. Details on the attack have not been made public, but it is likely that it was either a denial-of-service attack, or that a third-party company that provided services integral to the Tesco website and app was targeted.
Your organisation should be aware of the main suppliers that have access to sensitive data or provide critical functions to your business and run assessments of their cyber security to ensure that they are not introducing unnecessary risk. Falanx f:CEL allows you to quickly and cost-effectively assess your key suppliers, providing a near-instant report on their cyber security status.
4. Weir Group Ransomware Attack
Scottish engineering firm Weir Group was targeted by a ransomware attack in October, which disrupted systems and caused delays in shipments, affecting the revenue of the business. Weir Group was able to recover its data, but even when a firm has reliable backups a ransomware attack is still highly disruptive: it takes time to restore the data onto the network and have all systems functioning correctly.
In addition to XDR, firms should ensure their backup systems are completely disconnected from the main network. This includes not relying fully on cloud backup services, as these are still connected to the corporate network. Backup restoration should be tested regularly to ensure the business can recover quickly from a ransomware attack.
5. Northern Rail Ransomware Attack
Another victim of a ransomware attack was Northern Rail. The attack was able to disable self-service ticketing machines, causing significant travel disruption. Ransomware attacks are targeting businesses of all sizes across all sectors. Alongside the protections already mentioned, it is important to note that most ransomware infections occur through staff opening a malicious link or attachment in an email. Staff cyber security awareness training is a key defence against ransomware attacks, as it educates staff on what they should be looking for and how they can report it.