Post By Charlie Heywood on February 10, 2023

Which hackers pose the greatest threats to UK SMEs in 2023?

Hacker in hoodie with green computer code around his head

If you’re a UK SME that sends international mail or parcels, it’s likely you’ve faced disruption in 2023 due to the cyber attack against Royal Mail.

On January 12th 2023 the Royal Mail Twitter account tweeted: “We’re experiencing disruption to our international export services and are temporarily unable to despatch items to overseas destinations. Please do not post any export items while we work to resolve the issue. Sorry for any disruption this may cause.”

By early February some services – including International Tracked, International Signed, and International Tracked & Signed – had been restored for customers paying online or via shipping solutions.

However, Post Office branches were still unable to accept new parcels without postage labels already affixed.

The relatively long duration of the disruption – and the piecemeal recovery put in place by Royal Mail using “alternative solutions and systems” – highlights the risk posed to UK SMEs both directly and indirectly by hackers in 2023.

Who hacked Royal Mail?

The Royal Mail attack has been claimed by ransomware operation LockBit 3.0, also known as LockBit Black.

We have encountered LockBit ransomware attacks in the past, including a small business whose network had been compromised when a password was unwittingly leaked by an end-user.

LockBit was able to connect via a virtual private network (VPN), which masks the user’s real location in the world, and the client’s systems were held to ransom for two weeks.

This experience shows that although it is usually the big brands like Royal Mail that make the headlines, cyber attacks against UK SMEs and even against sole traders and individuals are a real concern.

Ransomware attacks in 2022

The National Cyber Security Centre (NCSC) led national responses to 18 major ransomware attacks in 2022. Victims included South Staffordshire Water and the NHS 111 service.

In a joint advisory notice issued by the NCSC and equivalent cybersecurity authorities from Australia and the US, the NCSC called ransomware “the biggest cyber threat facing the United Kingdom”.

Ransomware developers change their methods over time: notably in recent years, they have begun to develop malware that specifically targets cloud infrastructure, such as that used for decentralised storage and remote backup.

How to resist ransomware

Once encrypted, it is very, very difficult to recover data without paying the ransom (or otherwise obtaining the decryption key/password).

For this reason, prevention is often the ONLY option in ransomware attacks. This includes being vigilant and aware of any emerging scams, especially within your industry.

Automatic scanning systems can flag up incoming emails that contain suspicious links or malware attachments, reducing the risk of a successful phishing attack and keeping infected files out of your private network.

In case of an attack, it is sensible to keep ALL important data fully backed up and ready to restore at short notice – crucially, this should include a mechanism to prevent the encryption of a ransomware attack from spreading to your backup volume too.

For more information and to take steps to secure your systems, speak to APH today and we can help you to fight off any would-be cyber attacks in 2023 and beyond.

 

  • This field is for validation purposes and should be left unchanged.