Between the surge in remote and hybrid work and the Ukraine war, cybercrime in Europe has escalated in 2023. German companies alone lost €205.9 billion to cyberattacks in 2023, whereas the total losses to cybercrime in the European Union were €345 billion in 2018. The UK’s losses to cyberattacks increased by 15% between 2022 and 2023 to reach €31 billion.
State of cyber attacks and data breaches in Europe in 2023
European businesses and government institutions have faced an incessant onslaught of phishing, DDoS, ransomware attacks, and data breach attempts throughout the year. Organizations in the EMEA region (Europe, the Middle East, and Africa) faced approximately 1 billion web application and API attacks, representing a 119% year-over-year increase from Q2 2022 to Q2 2023. The region faced 63.5% of all DDoS attacks worldwide, nearly double the share faced by North America (32.6%).
A large number of attacks go unnoticed and unreported. The following is a collection of the most notable of the reported cyberattacks in Europe between January 2023 and September 2023.
Cyber attacks in September 2023
It’s too soon to prepare a comprehensive list of cyberattacks that took place in September, considering that the average time elapsed between a breach and its discovery is more than 60 days in Europe. Nevertheless, there is news of a significant data breach caused by human error and poor access management.
3.8 billion records exposed in data leak at DarkBeam
DarkBeam is a digital protection firm based in the UK. The company had created a database of stolen credentials to generate alerts for its users. However, the database itself was left unprotected. Bob Diachenko, the CEO of the cyber security news site Security Discovery, reported the leak.
Russian flight booking system was hit by a massive DDoS attack
Leonardo, a flight booking system in Russia, was targeted by the Ukrainian hacktivist group IT Army in September. This large-scale DDoS attack caused airport delays and affected operations at the Sheremetyevo International Airport in Moscow.
Cyber incidents in August 2023
The month of August saw a series of cyberattacks and data breaches across the world. The appearance of the personal data of 2.6 million users of the popular language-learning application Duolingo is perhaps one of the most alarming incidents that took place in August. Here’s how things looked in Europe.
Attack on the UK’s Ministry of Defence (MoD)
On August 5th and 6th, the UK’s Ministry of Defence was hit by a cyberattack through one of its third-party service providers. Zaun is a firm that handles physical security for a number of high-value military and intelligence sites for the MoD. A Windows 7 PC that ran software for a manufacturing machine at Zaun was hacked by the pro-Russia ransomware gang LockBit.
According to a statement on the targeted company’s website, the attackers got access to 10 GB worth of data and may have accessed information stored on company servers. The leak may have exposed sensitive information about high-security military and intelligence sites, including prisons and a nuclear submarine base.
The vulnerable computer has since been removed and the attackers were not able to encrypt any system.
DDoS attacks on Italian banks
According to an Italian cyber security agency, Agenzia per la Cybersicurezza Nazionale, at least 5 Italian banks were hit by DDoS attacks in early August. The banks that were targeted include Intesa Sanpaolo, Monte dei Paschi di Siena, BPER Banca, FinecoBank and Banca Popolare di Sondrio.
The series of attacks targeting these Italian banks was mounted by the pro-Russian hacker group called NoName057(16). The group assumed responsibility for the attacks stating, “The worship of the Ukronazi idol continues in the Russophobic countries of the West…And we once again remind the Russophobic Italian authorities that such actions will not remain without our attention.”
The group has been active since the Russian invasion of Ukraine. Other than Italy, NoName057(16) has targeted infrastructure in Bulgaria, Denmark, France, Germany, Lithuania, Poland and Spain.
Cyber attacks in Europe in July 2023
Attack against the UK’s Electoral Commission
Unknown malicious actors gained access to the UK’s electoral registers, compromising the personal information of nearly 40 million people.
According to an announcement made by the UK’s Electoral Commission, the data breach was caused by a “complex cyber-attack.”
Attack on the UK’s National Health Service
Ransomware gang ALPHV struck twice within a month’s span as it attacked Barts Health NHS Trust, compromising 7 terabytes of data that is likely to include confidential information of patients. A month earlier, the gang had hacked into the University of Manchester and managed to steal the personal information of 1.1 million patients.
On June 30, after hacking into the NHS system, ALPHV made a post on the dark web with the following message: “You have 3 days for contact with us to decide this pity mistake, which made your IT department decide what to do in next step. If you prefer to keep silence, we will start publicate data, most of it – citizens confidential documents.”
Cyber attacks in June 2023
Administrative error exposed the personal data of job seekers in Ireland
In June 2023, the Public Appointments Service (PAS) in Ireland announced that an “administrative error” caused the exposure of the personal information of over 15,000 civil service candidates. Apparently, an employee at the PAS had unwittingly included the personal information of the affected candidates in a mass email. Whether this leak was the result of a phishing attack is unknown.
Third-party ransomware attack affected the Swiss government
Xplain, a third-party organisation used by the Swiss military and several government bodies, was hit by a ransomware attack on June 3rd. The attack has been attributed to Play, a newly emerged ransomware group. Xplain had its systems crippled and data encrypted in the attack. The Swiss government suspects that the hacker gang may have stolen sensitive data in the attack.
Cyber incidents in May 2023
Spear phishing attack on a Belgian politician
In May, Belgium’s cyber security agency linked China-sponsored hackers to a spear phishing campaign against a prominent Belgian politician. The attack may have been retaliation against the anti-China sentiment in Europe in terms of cybercrime.
Attacks against Ukrainian computer systems by pro-Russia hacktivists
- Russian-linked hackers tried to attack the computer systems used to manage the crossing of the Ukrainian borders by commercial trucks. The attack failed.
- According to the National Security Agency of the USA, there’s evidence of ransomware and supply chain attacks against Ukraine and other European countries by Russian hackers. The attacks were mounted against European countries that provided Ukraine with humanitarian aid.
Cyber attacks in March and April 2023
Espionage campaign against the defense industry in Europe
Hackers linked to North Korea were found to be conducting an espionage campaign against defense industry firms in Eastern Europe and Africa. According to researchers at Kaspersky, the hackers were initially interested in financial gain through coin-mining attacks, but around 2020 their focus shifted to espionage.
Politically motivated cyber attacks by pro-Russia hackers
- The website of the French National Assembly was shut down for several hours by a DDoS attack launched by Russian-linked hackers. In a Telegram post, the hackers claimed that the attack was in retaliation for the French government’s support for Ukraine.
- Politicians, celebrities, and businesspeople across Europe and the USA who publicly denounced Russia’s invasion of Ukraine were targeted with a phishing campaign in March. The hackers used phone calls and video calls to trick the victims into giving prompts. They used these prompts to stitch together pro-Putin soundbites and published those to discredit the victims’ earlier anti-Putin statements.
- Poland accused Russian hackers of launching a DDoS attack against its official tax service website. The site was down for an hour, but no data was reported to have been stolen.
Cyber incidents in January and February 2023
Malware attack against Ukrainian organizations
Russian hackers launched a malware payload that is capable of extracting account information and files and taking screenshots. The malware was used primarily to target Ukrainian organizations as part of the ongoing warfare between the two countries.
Attack on Italy’s Revenue Agency
Agenzia delle Entrate, Italy’s Revenue Agency, suffered a hack. Hackers first disabled the agency’s website and then sent users phishing emails directing them to a fake login page that mirrored the official agency site. There is no clear information about the stolen data.
Pro-Russian hackers attack the UK’s Royal Mail
In January 2023, Russia-linked ransomware gang LockBit launched a ransomware attack against the UK’s postal service, the Royal Mail. The attack forced the organization to cease overseas postal services for several weeks.
German telecom company fell victim to a ransomware attack
The German telecommunication company Deutsche Telekom was hit by a ransomware attack. The data on their servers were encrypted. The infamous ransomware gang Conti assumed responsibility for the attack.
How can organizations avoid cyber crime and data breaches?
Running a business in the era of full-blown cyber warfare takes a lot of preparation and a bit of luck. There are certain steps that organizations can take to safeguard their data, protect their systems, and preserve the privacy of their customers and employees.
1. Set up strong security policies
Having and enforcing strong yet easily understandable security policies is very important. This encompasses everything from a company’s attitude towards business-led IT to the frequency of security audits conducted by the company.
As part of the password policy, it’s best if organizations mandate the usage of enterprise-grade password management solutions.
2. Employ the principle of least privilege
Access to critical infrastructure and data should be granted only if needed and revoked as soon as the need is fulfilled. This should apply to all employees across departments.
3. 2FA for all employees
Two-factor authentication (2FA) needs to be standardized for all applications used for organizational purposes. While it is debatable whether 2FA makes the authentication process too complicated, there can be no doubt that it makes breaking into an account exceptionally difficult for hackers.
4. Better onboarding and offboarding of employees
It often happens that a former employee retains access to data and applications from their old job. This poses a serious security threat to the company. Using a tool that makes onboarding and offboarding of employees easier and allows admins to grant and revoke permissions with ease is highly recommended.
5. Continuous vigilance
On top of periodic security testing activities, a company should be continuously monitoring its assets and attack surfaces. A shadow IT monitoring solution can be very effective in this regard. It allows employees to get their job done using their favourite tools while eliminating the risk of running unrecognized applications within the organization.
The cyber threat landscape in the last couple of years has been shaped largely by the Russia-Ukraine war and the pandemic before that. It is important to remember that the size of your business or the country of its origin does not stop hackers from exploiting vulnerabilities in your security systems. Today, the strength of a company’s cybersecurity posture and resilience determines its future. Make sure you stay ahead of the curve.