Cyber Security Roundup for November 2020

A roundup of UK focused Cyber and Information Security News, Blog Posts, Reports and general Threat Intelligence from the previous calendar month, October 2020.

London’s Hackney Borough Council has been tight-lipped about “a serious cyber-attack” which took down its IT systems and disrupted its service delivery to citizens. The council has provided scant information, but the incident has all the hallmarks of a ransomware outbreak. The council says it is working with the UK’s National Cyber Security Centre (NCSC) and the Ministry of Housing to investigate and understand the impact of the incident. Ransomware remains a major problem for public services, from councils to hospitals, to defend against: earlier this year Redcar and Cleveland Borough Council said it had been hit by a ransomware attack which cost it more than £10m.

Ransomware looks set to remain a major threat. Separate reports describe a resurgence of the Emotet trojan, a dropper commonly used to deliver ransomware, and renewed activity by the hacking group behind the Ryuk ransomware. Indeed, Sopra Steria, the digital services company, has confirmed that a new variant of Ryuk, previously unknown to antivirus providers and security agencies, was behind a cyberattack on its operations in October 2020.

British Airways had its credit card breach DPA fine reduced by a massive £163m, to £20m, by the UK Information Commissioner’s Office (ICO). The fine was imposed on the pandemic-beleaguered airline after it lost 430,000 payment card details to hackers in a Magecart e-commerce skimming attack in 2018.
This data breach is a lesson in failing at PCI DSS compliance: customer card details were stolen because a ‘Magecart’ payment card skimming script was injected onto the BA payment page. The attackers initially compromised the BA network through a third-party worker’s remote access account, which was not protected by MFA, and so gained access to BA’s Citrix environment. They were then gifted privileged access after finding a domain admin username and password stored in plaintext in a folder on a server. I understand investigators also found payment card data stored in plaintext, including CVV numbers retained after payment authorisation, which PCI DSS never permits. Aside from the ICO fine and reputational damage, this breach cost BA a small fortune in specialised PCI Forensic Investigator (PFI) work, a complete solution rebuild, and card brand penalties. As Visa’s Chief Enterprise Risk Officer put it: ‘no compromised entity has yet been found to be in compliance with PCI DSS at the time of a breach’. That statement still rings true today.
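Because Magecart-style attacks work by adding a script to the payment page, one detection control is to periodically diff the page’s script inventory against an approved baseline. The following is an added illustration written for this roundup, not code from BA, the ICO or the original post; the baseline URL, the SRI hash and the sample HTML are all constructed.

```python
"""Flag scripts on a checkout page that are not in the approved baseline.

Added defensive example (not from the roundup). Any inline script, any
external script source not in the baseline, or any baseline script whose
Subresource Integrity (SRI) hash has changed is reported as a finding.
"""
import base64
import hashlib
from html.parser import HTMLParser

# Constructed baseline: approved script URL -> expected SRI integrity value.
_APPROVED_URL = "https://static.example-airline.test/js/checkout.js"
_APPROVED_SRI = "sha384-" + base64.b64encode(
    hashlib.sha384(b"constructed approved checkout bundle").digest()).decode()
BASELINE = {_APPROVED_URL: _APPROVED_SRI}


class _ScriptCollector(HTMLParser):
    """Collect (src, integrity) for external scripts and (None, body) for inline ones."""

    def __init__(self):
        super().__init__()
        self.scripts = []
        self._inline = None  # accumulates the body of an inline <script>

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            a = dict(attrs)
            if a.get("src") is None:
                self._inline = ""
            else:
                self.scripts.append((a["src"], a.get("integrity")))

    def handle_data(self, data):
        if self._inline is not None:
            self._inline += data

    def handle_endtag(self, tag):
        if tag == "script" and self._inline is not None:
            self.scripts.append((None, self._inline.strip()))
            self._inline = None


def audit_scripts(html, baseline=BASELINE):
    """Return a list of findings; an empty list means the page matches the baseline."""
    parser = _ScriptCollector()
    parser.feed(html)
    findings = []
    for src, extra in parser.scripts:
        if src is None:
            findings.append(f"inline script not in baseline: {extra[:40]!r}")
        elif src not in baseline:
            findings.append(f"unknown script source: {src}")
        elif extra != baseline[src]:
            findings.append(f"integrity mismatch for {src}")
    return findings
```

Run it from a scheduled job against a fetched copy of the live checkout page and alert on any non-empty result; a legitimate release changes the baseline, everything else is a change to investigate.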
The ICO also fined the Marriott Hotels chain £18.4m under the DPA (GDPR) for a major data breach that may have affected up to 7 million UK guests, whose names, contact information and passport details were said to be compromised in a cyber-attack. The ICO said the company had failed to put appropriate safeguards in place, but acknowledged that it had since improved.
The UK NCSC released an advisory repeating a US warning that Chinese threat actors are exploiting known software vulnerabilities. The advisory details 25 vulnerabilities being exploited or targeted and offers mitigation advice. Many of them allow attackers to gain a foothold on a victim’s network by exploiting products directly connected to the internet; once inside, the actors can move further from within. The NSA has also produced an infographic breaking the 25 vulnerabilities down by threat.
Stay safe and secure.
