Security round-up: May 2023

May 30, 2023 |
Will Shaw

Written by
Will Shaw

It's time for another monthly cybersecurity roundup, and there's been a lot of activity once again.

Capita attack: Part one

We’ll start again with Capita. We discussed the breach they suffered in last month’s roundup, and the consequences are still being felt. Capita offers a wide range of outsourced services to both the public and private sectors. That means that any breach could have far-reaching consequences, as demonstrated in May.

Two major pension funds that outsource administration to Capita were hit by the attack. The pension schemes for M&S and drinks giant Diageo each have over 100,000 members whose data may have been compromised. This demonstrates how cyber-attacks can spread to affect clients and partners. This will undoubtedly not be the last we hear of this attack. The total cost is expected to be around £20 million.

Capita attack: Part two

Meanwhile, Capita has received more bad news. Several British councils have come forward to say that an incident may have impacted them. Their data was stored in an insecure Amazon Web Services (AWS) data bucket in this case. In layman's terms, they hosted data in a publicly accessible location.

So far, councils in Derby, Colchester, Adur and Worthing, Coventry, Rochdale and South Staffordshire have been affected. Not all councils have disclosed exactly what information was at stake. However, according to Colchester City Council, local residents' benefits data was potentially exposed in one case.

Capita was publicly criticised by other councils. This demonstrates the reputational damage that can result from cyber incidents, as well as the potential for lost business. It also brings up the issue of collaborating with public authorities. Their requirements for contractor security are only likely to become more stringent, especially in light of incidents like this. That brings us to...

DDoS attach on the Swedish Parliament website

This is a different type of attack in a different country, but it brings up an important point about the government. In brief, in early May, was subjected to a distributed denial-of-service (DDoS) attack.

DDoS attacks work by using bots to flood a server with traffic. In this case, it slowed the website's performance. This made the attack relatively minor, but it comes amid widespread warnings of increased cyberwarfare against public institutions.

Contractors to the government should take note. Authorities will demand increasingly tight security from partners not only for their own protection, but also for yours. If public institutions are increasingly targeted, their private partners may suffer as well. The Capita example demonstrates how attacks spread from their target to their partners, whether private or public.

Infected Android devices

Now we'll look at an increasingly common hardware issue. Researchers revealed a massive attack at Black Hat Asia, a technical security conference in Singapore. Lemon Group, a cybercrime syndicate, has “pre-infected” as many as 8.9 million Android devices.

Pre-infecting refers to the addition of malicious code at some point during the manufacturing process, before the devices are shipped. As a result, they are a threat right out of the box. Spyware or other types of malware may be present on pre-infected devices.

The affected devices were low-cost, with manufacturing outsourced to an original equipment manufacturer (OEM) to save money. Malicious actors installed a strain of malware known as Guerilla at an unknown point in the production pipeline.

This should increase public awareness of the dangers of internet of things (IoT) devices. These infections are not limited to mobile devices. Furthermore, businesses must select hardware with care and from reputable suppliers.


Next, we move to a recent revelation about another historic attack. Simplify, a major conveyancing firm, suffered a data breach in November 2021. Some exposed files contained personal information relating to employees. Simplify temporarily shut down its IT systems in response, which caused many property deals to stall.

This may seem like old news, but Simplify’s recently released annual report revealed direct costs of around £7 million for the attack. Most direct costs were covered by insurance, but the report noted that new business was “significantly reduced” for a 10-week period by the attack.

The report also says that the Group “entered into conversations with its providers of capital to ensure that the long-term funding and capital structure of the group could be preserved and protected”. Shareholders made a cash injection of £15 million.

We can’t speculate on the exact indirect costs of this incident, but it goes to show how the effects of a cyber attack can spread.

Cisco switch vulnerability

Finally, we end on Cisco, one of the world’s largest digital communications companies. Cisco has identified nine security flaws affecting its Small Business Series of network switches. These vulnerabilities are located in the web-based interface, and could allow attackers easy access to execute a DDoS attack.

The good news is that Cisco has released patches for all 9 vulnerabilities. If you use these switches, you can find the patches and more information here. If you’re unsure, we’d strongly recommend contacting a professional.

See you in June

These examples give food for thought for all businesses. We’ve seen how the costs of an attack can rise, and affect your partners, team, customers and your business for months and years to come.

We will keep you informed with our next update next month. In the meantime, if you want more information about cybersecurity, please get in touch using the button below.

Contact us

Recommended reading