Top 8 biggest cyber attacks of March 2024

Insights and trends from recent UK cyber threats and breaches from March.

Arjun Pednekar, Technical Director, Cognisys

Arjun Pednekar

2nd April 2024

The cyber security landscape is a battleground where defenders and attackers engage in a relentless tug-of-war. In this ever-evolving arena, staying vigilant and proactive is paramount. Recent events have highlighted both the challenges we face, and the resilience required to fortify our digital frontlines.

Here are the top 8 biggest cyber attacks and breaches from March that have made an impact on social media:

1. The CIRCIA initiative

Let’s kick things off with a significant policy reform from the Cyber Security and Infrastructure Security Agency (CISA). In a bold move to enhance national cyber security, CISA has introduced rules compelling critical infrastructure organisations to promptly report cyber security incidents. Dubbed CIRCIA, this initiative aims to provide the federal government with a comprehensive understanding of breaches impacting vital sectors like utilities. Inspired by the infamous SolarWinds hack, CIRCIA marks a pivotal regulatory step, with Director Jen Easterly hailing it as crucial for bolstering cyber security efforts nationwide.

2. The inadequate patching of Microsoft exchange server

Germany’s Federal Office for Information Security (BSI) has sounded the alarm over the inadequate patching of Microsoft Exchange Server instances throughout the country. Shockingly, over 17,000 servers are vulnerable to at least one critical flaw, with a staggering 12% running unsupported versions. This wake-up call underscores the importance of timely patching and the potential consequences of neglecting software updates.

3. The Github leak

In a concerning development, the source code and documentation for Italy’s anti-piracy platform, Privacy Shield, have been leaked on GitHub. This unprecedented exposure has piqued the interest of activists and researchers, shedding light on the platform’s approach to combating online piracy. While the implications are still unfolding, this incident serves as a reminder of the ever-present risks associated with data breaches and the need for robust security measures.
The CEO and Technical Director in a strategic conversation about the impact of recent cyber attacks and how they shape security practices.

4. The NHS ransomware attack

The healthcare sector, a critical lifeline for millions, has also fallen victim to cybercriminals. The INC Ransom extortion gang has targeted NHS Scotland, claiming to have stolen a staggering three terabytes of data and threatening to release it. This brazen attack highlights the grave consequences of cyber security breaches in the healthcare domain, where patient data and operational continuity are paramount.

5. The Saflok-brand door lock exploit

In a startling revelation, researchers have uncovered a straightforward exploit capable of unlocking doors in over 10,000 hotels worldwide using Saflok-brand RFID-based keycard locks. While the manufacturer, Dormakaba, has initiated a patch rollout, only 36% of affected locks have been updated or replaced. This vulnerability underscores the unique challenges faced by the hospitality industry and the potential for cyber espionage by nation-backed actors.

6. The Apple M-Series processor vulnerability

Even tech giants like Apple are not immune to security flaws. The company recently acknowledged a vulnerability in its M-series processors that could allow attackers to steal cryptographic keys, potentially compromising various encryption protocols, including those touted as quantum-resistant. While Apple has released a workaround for developers, the vulnerability highlights the ongoing battle against cyber threats and the need for constant vigilance.

7. The Microsoft Sharepoint vulnerability

CISA has also issued a warning regarding the exploitation of a critical Microsoft SharePoint vulnerability that allows authenticated attackers with Site Owner privileges to remotely execute code on vulnerable servers. This flaw can be combined with another privilege escalation vulnerability, enabling unauthenticated attackers to gain admin privileges and execute remote code on unpatched servers. Prompt patching and mitigation measures are crucial to thwarting such attacks.

8. The Fortinet RCE bug

Fortinet’s Enterprise Management Server (EMS) has also fallen victim to a critical remote code execution (RCE) vulnerability, which has been swiftly exploited by cyber attackers. With a severity score of 9.3 out of 10, this flaw allows attackers to execute arbitrary code and commands with system admin privileges on affected systems. Fortinet has released a patch and updated its security advisory, but the incident underscores the need for proactive vulnerability management and timely patching.

GRC consultants performing a client audit, as part of a SOC 2 compliance review process

Email security remains a persistent challenge, with cybercriminals exploiting various methods to gain unauthorised access to email accounts. Implementing best practices for email security headers, which contain vital authentication and identification data, is crucial for enhancing cyber defences and ensuring message integrity. By raising awareness and effectively managing passwords, organisations can mitigate the risks associated with email security breaches and prevent fraudulent activities.

While the world of cyber security can sometimes feel overwhelming, it’s important to view incidents as opportunities for the cyber community to come together. By staying updated, adopting strong security practices, and working together, we can strengthen our defences and overcome cyber threats. Remember, staying alert is crucial to protecting our online spaces and building a safer digital future for everyone. Stay safe out there, folks!

If you are concerned about threats to your IT estate, get in touch and one of our cyber experts can discuss how we protect your business.

Subscribe to receive the latest cyber insights