The biggest cyber security attacks in October

We take a look at the biggest cyber attacks, data breaches and cyber security incidents that happened around the world in October 2023



Cyber Security Hub takes a look at the cyber security incidents that caused the greatest disruption in October. 


KillNet launches DDoS attack against UK royal family

The Russian hacktivist group KillNet was allegedly behind a DDoS attack targeting the UK’s royal family.

Royal.uk, the Royal Family’s official website, was offline for around 90 minutes on October 1.

Once the site was back up, an IP-address check was put in front of it to screen out bots before visitors could reach the content.

In a Telegram post about the attack, KillNet claimed to have launched it as part of an “attack on pedophiles”, thought to be a reference to the allegations of sexual abuse of a minor made against Prince Andrew, Duke of York. It has not been confirmed that the group was the perpetrator.

Millions of user records stolen in 23andMe data breach

On October 6, biotechnology company 23andMe revealed it had been the victim of a data breach.

The cyber attack appeared to target users with Ashkenazi Jewish heritage. The malicious actor, who goes by the name Golem, claimed to have uploaded a “1 million Ashkenazi database” in a post on hacking forum BreachForums.

Golem offered data packs for sale, which they claimed contained “tailored ethnic groupings, individualized data sets, pinpointed origin estimations, haplogroup details, phenotype information, photographs, links to hundreds of potential relatives, and most crucially, raw data profiles”.

Later in the month, Golem claimed to have stolen data belonging to “the wealthiest people living in the US and Western Europe on this list”, including members of the British royal family, the Rockefellers and the Rothschilds; this claim has not been verified.

Prices for the datasets ranged from US$1 to $10 per profile, depending on how many profiles the buyer was willing to purchase.

23andMe said the attacker had not broken into its systems directly but had logged into individual accounts using usernames and passwords reused from other breaches (credential stuffing), then scraped the details of those users’ matches through the opt-in DNA Relatives feature. The breach has prompted 23andMe and other consumer DNA testing companies to require two-factor authentication at login by default.
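Credential stuffing is hard to catch with per-account lockouts because each account sees only one or two attempts; the signal lives in the source IP trying many different usernames in a short window. The script below is an added example, not 23andMe’s code or logs: it runs a sliding-window detector over a constructed authentication log and reports, for each stuffing source, the accounts it actually got into, which are the ones that need a password reset and 2FA enrolment. The log format, the thresholds and the sample events are assumptions made for illustration.

```python
"""Spotting a credential-stuffing burst in authentication logs.

Added example, not 23andMe's code or logs. The log format, the thresholds
and the sample events below are assumptions made for illustration.
"""
from collections import defaultdict, deque
from datetime import datetime

WINDOW_SECONDS = 300      # assumption: a burst is measured over a 5-minute window
MIN_DISTINCT_USERS = 8    # assumption: this many different accounts from one IP is a burst

# Constructed sample log, one event per line: "<ISO timestamp> <source ip> <username> <OK|FAIL>".
# 203.0.113.7 tries one password against many different accounts (stuffing);
# 198.51.100.9 is one user mistyping their own password; 192.0.2.44 is a normal login.
SAMPLE_LOG = """\
2023-10-01T10:00:01Z 203.0.113.7 alice FAIL
2023-10-01T10:00:02Z 203.0.113.7 bob FAIL
2023-10-01T10:00:02Z 203.0.113.7 carol FAIL
2023-10-01T10:00:03Z 203.0.113.7 dave OK
2023-10-01T10:00:03Z 203.0.113.7 erin FAIL
2023-10-01T10:00:04Z 203.0.113.7 frank FAIL
2023-10-01T10:00:05Z 203.0.113.7 grace FAIL
2023-10-01T10:00:06Z 203.0.113.7 heidi OK
2023-10-01T10:00:07Z 203.0.113.7 ivan FAIL
2023-10-01T10:00:08Z 203.0.113.7 judy FAIL
2023-10-01T10:00:09Z 203.0.113.7 mallory FAIL
2023-10-01T10:00:10Z 203.0.113.7 oscar FAIL
2023-10-01T10:01:00Z 198.51.100.9 alice FAIL
2023-10-01T10:01:05Z 198.51.100.9 alice FAIL
2023-10-01T10:01:09Z 198.51.100.9 alice OK
2023-10-01T10:02:00Z 192.0.2.44 peggy OK
"""


def parse_log(text):
    """Parse the constructed format into (time, ip, user, succeeded) tuples, oldest first."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, ip, user, outcome = line.split()
        when = datetime.fromisoformat(ts.replace("Z", "+00:00"))
        events.append((when, ip, user, outcome == "OK"))
    events.sort(key=lambda ev: ev[0])
    return events


def detect_credential_stuffing(text, window_seconds=WINDOW_SECONDS,
                               min_distinct_users=MIN_DISTINCT_USERS):
    """Return {source_ip: [accounts that logged in successfully from it]} for every IP
    that attempted at least min_distinct_users distinct usernames within window_seconds.

    Per-account lockouts do not fire on this pattern because each account sees only
    one or two attempts, so the signal has to be computed per source address."""
    by_ip = defaultdict(list)
    for ev in parse_log(text):
        by_ip[ev[1]].append(ev)

    findings = {}
    for ip, evs in by_ip.items():
        window = deque()                     # events inside the sliding window
        users_in_window = defaultdict(int)   # username -> attempts inside the window
        for ev in evs:
            window.append(ev)
            users_in_window[ev[2]] += 1
            # Drop events that have fallen out of the window.
            while (ev[0] - window[0][0]).total_seconds() > window_seconds:
                old = window.popleft()
                users_in_window[old[2]] -= 1
                if users_in_window[old[2]] == 0:
                    del users_in_window[old[2]]
            if len(users_in_window) >= min_distinct_users:
                # Every account the stuffing source got into needs a reset and 2FA enrolment.
                findings[ip] = sorted({user for _, _, user, ok in evs if ok})
                break
    return findings


if __name__ == "__main__":
    for ip, accounts in detect_credential_stuffing(SAMPLE_LOG).items():
        print(f"{ip}: credential stuffing; accounts to reset and enrol in 2FA: {accounts}")
```

On the constructed log the detector flags 203.0.113.7 and names dave and heidi as the compromised accounts; the user fumbling their own password from 198.51.100.9 is left alone. Real stuffing campaigns rotate through proxy pools, so a per-IP threshold is only the first layer; the same window logic applied per ASN or per device fingerprint, plus a check of attempted passwords against breached-credential lists, catches the distributed case. Mandatory 2FA removes the payoff regardless of how the detection is tuned.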

Credit card information leaked in Air Europa data breach

Air Europa suffered a data breach that exposed the payment information of its customers.

The airline emailed affected customers on October 10 to tell them that their payment data may have been accessed during the attack; the breach itself, however, had reportedly occurred some six weeks earlier, on August 28.

According to the airline, the incident was discovered after suspicious activity was detected on one of its systems. Customers’ card numbers, expiry dates and CVV codes were exposed. That last item is the real red flag: PCI DSS classifies the card verification value as sensitive authentication data that must not be retained after a transaction has been authorized, so a CVV leaking from a merchant’s systems usually means it was stored somewhere it should never have been (a database, a request log or a backup) or was captured in flight by a skimmer on the payment page.

Due to the nature of the data exposed, Air Europa urged all those who had used a credit card to pay for flights to cancel their card, although the airline also stated that there was no evidence that the breach had been “ultimately used to commit fraud”.
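To make the PCI DSS point concrete, the following added example (not Air Europa’s code) puts the anti-pattern next to the corrected handling and adds the audit check a practitioner would run over stored records. The checkout payload, the record layout and the audit heuristic are assumptions made for illustration; the card number is a well-known Luhn-valid test number, not a real card.

```python
"""Keeping card verification codes out of persistent storage.

Added example, not Air Europa's code. The checkout payload, the record layout
and the audit heuristic below are assumptions made for illustration; the test
card number is a well-known Luhn-valid dummy, not a real card.
"""
import re

# PCI DSS Requirement 3 forbids keeping sensitive authentication data (SAD) after
# authorization: the card verification code (CVV/CVC/CID), full track data and PINs.
SAD_FIELD_NAMES = {"cvv", "cvv2", "cvc", "cvc2", "cid", "cav2",
                   "track1", "track2", "pin", "pin_block"}
PAN_RE = re.compile(r"\b\d{13,19}\b")


def luhn_valid(digits: str) -> bool:
    """Luhn checksum used by card numbers; filters out most non-card digit strings."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def weak_store(checkout: dict) -> dict:
    """The anti-pattern: persist the checkout payload as received, full PAN and
    CVV included, e.g. for 'debugging' or to make rebooking easier."""
    return dict(checkout)


def hardened_store(checkout: dict, authorization: dict) -> dict:
    """Persist only what refunds, chargebacks and rebooking actually need: the
    processor's token, a truncated PAN, the expiry and the authorization code.
    The CVV is sent once in the authorization request and never written down."""
    pan = checkout["pan"].replace(" ", "")
    return {
        "token": authorization["token"],      # reference the processor can charge again
        "pan_last4": pan[-4:],                # truncated PAN is permitted to store
        "expiry": checkout["expiry"],
        "auth_code": authorization["auth_code"],
        "amount": checkout["amount"],
    }


def find_sad(record: dict) -> list:
    """Audit a stored record: report SAD field names and any Luhn-valid full PAN."""
    problems = []
    for key, value in record.items():
        if key.lower() in SAD_FIELD_NAMES:
            problems.append(f"field '{key}' holds sensitive authentication data")
        if isinstance(value, str):
            for match in PAN_RE.finditer(value.replace(" ", "")):
                if luhn_valid(match.group()):
                    problems.append(f"field '{key}' holds a full card number")
    return problems


# Constructed sample checkout and processor response.
CHECKOUT = {"pan": "4111 1111 1111 1111", "expiry": "12/26", "cvv": "123", "amount": "199.00"}
AUTHORIZATION = {"token": "tok_7f3a9c1e", "auth_code": "A1B2C3"}

if __name__ == "__main__":
    print("weak record problems:", find_sad(weak_store(CHECKOUT)))
    print("hardened record problems:", find_sad(hardened_store(CHECKOUT, AUTHORIZATION)))
```

Run against the constructed payload, the weak record fails the audit on two counts (a full card number and a CVV field) while the hardened record passes. The heuristic is deliberately coarse: plenty of 13 to 19 digit strings that are not card numbers pass Luhn, so treat hits as leads to review, and run the scan over request logs and backups as well as the primary database, since that is where verification codes most often end up being retained by accident.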

Biggest ever DDoS attacks reported by Google Cloud, Cloudflare and AWS

Internet infrastructure providers Google Cloud, Cloudflare and AWS disclosed on October 10 that each had absorbed its largest DDoS attack ever. The attacks, which had begun in August, exploited a zero-day weakness in the HTTP/2 protocol that has since been designated CVE-2023-44487 and dubbed HTTP/2 Rapid Reset; by October 11 Google and AWS had confirmed the attacks were mitigated. Because the flaw is in the protocol rather than in any one product, anyone running an HTTP/2-capable server or proxy needed to apply vendor patches and limit the rate at which a single client can open and reset streams.

In a blog post about the attacks, Google explained that it was the largest DDoS attack “to date”, with requests per second (rps) peaking at over 398 million, more than seven and a half times the previous record.

Cloudflare CSO Grant Bourzikas wrote in a blog post that it is “crucial” to understand that the attack could be launched using a “modestly-sized botnet, consisting of roughly 20,000 machines”.

Malware spread via fake volcano alerts in Italy

On October 16, researchers at Italian cyber security company D3Labs published a blog post revealing that malware was being distributed to Android devices via fake volcano eruption alerts.

The malicious actors were impersonating IT-Alert, the Italian government’s new public warning system for pushing information to citizens in emergencies such as natural disasters. Genuine IT-Alert messages are delivered by cell broadcast to every phone in the affected area and require no app, so any site offering an “IT-Alert app” for download is by definition fraudulent.

[Image: fake IT-Alert volcano warning page. Source: D3Labs]

The malicious actors created a website posing as IT-Alert that read “due to the possible eruptions of a volcano, a national earthquake could occur,” before directing readers to download its app. Clicking the download button fetched a file named IT-Alert.apk containing SpyNote, an Android remote access trojan.

Once the victim granted the permissions the app asked for, including leave to run in the background, the operators had effectively full control of the smartphone, enabling them to harvest login credentials for banking apps and social media accounts, among other things.

Pro-Russian hackers disrupt Czech government websites

Czech government websites were disrupted by a DDoS attack on October 24. The websites of the police force and Prague Airport, as well as that of the Crimea Platform, an international summit taking place in Prague that day, were also hit.

The attacks disrupted the websites for around two hours. The police and Prague Airport sites were offline until approximately 2pm; most sites regained functionality after that, but the government website remained largely inaccessible.

Various sources have attributed the attacks to the pro-Russian hacktivist group NoName057(16). The group has been behind a string of DDoS attacks on government agencies and media in the US and Europe since March 2022, primarily targeting entities it regards as enemies of Russia.

British Library offline after cyber attack

The British Library has been dealing with a cyber attack since October 28 that has disrupted its website, online systems, public Wi-Fi and phone services.

Both of its sites, in London and Yorkshire, are affected in what the library has called a “major technology outage”. A blog post by the library dated November 8 confirmed that the attack was still affecting its services.

“We expect to restore many of our services soon, although some disruption is likely to continue for several weeks,” it said.

“We’ve taken targeted protective measures in response to the attack to ensure the integrity of our systems. We’re also undertaking a forensic investigation with the support of the National Cyber Security Centre and cybersecurity specialists,” the post added.

At the time of writing, the website is still disrupted and only very limited, manual ordering of collection items is available. The library’s shop is only able to accept cash payments, although all public events are going ahead as planned.

The Rhysida ransomware group later claimed responsibility for the highly disruptive attack and offered data it said it had stolen from the library for sale.
