Cyber Newsround 2017

The year in Cyber News last year was fascinating and fast moving, with many sectors of the business world being affected by different forms of phishing scams, new strains of ransomware attacks and the emergence of the Internet of Things. It is likely that 2017 will be just as fascinating, with many new threat vectors coming to the fore.

December Cyber News

15th December

The heating systems of many British schools have been found to be susceptible to a possible hacker attack. The security research firm Pen Test Partners have ascertained that this has been caused by the equipment controllers being connected to the internet against the manufacturer’s guidelines. This is another example of the “Internet of Things”, where it is possible for devices and equipment to be connected and for hackers to gain unauthorized access in order to cause disruption, with possible outcomes being the stealing of data or the carrying out of a DDoS attack.

Pen Test Partners have further stated that it is important that both installers and manufacturers make their systems safer and less vulnerable to a hacker attack with greater emphasis being placed on cyber security.

11th December

Perth International Airport has been hit by a Vietnamese hacker who has stolen sensitive security details including building plans and physical security information relating to the airport infrastructure.

The security systems were breached using the credentials of a third party contractor in March of last year. It is understood that the systems involving areas such as radars and the aircraft operations were not involved.

The individual behind the attack, who has a history of carrying out cyber attacks on critical infrastructure, has been arrested. He is not believed to be part of a larger hacking group.

An investigation has now been carried out which has revealed that there is no threat to the security of the airport and its passengers.

6th December 

It has been revealed that a number of the UK’s largest banks have only just addressed a security flaw in their computer systems after being alerted to this by the University of Birmingham.

The banks involved are thought to include HSBC, Natwest and Co-Op, all of which had a vulnerability which permitted a hacker to retrieve username, password and pin code through a “man in the middle” attack. The vulnerability was live for approximately eight months. It is not known how many customers could have been affected by this.

A hacker could have exploited the “hole” by hijacking customers when they were using the same public wi-fi networks to connect to their bank accounts via a banking app.

The National Cyber Security Centre informed the banks of this vulnerability, which they said was caused by poorly administered security “certificate planning”.

6th December 

The Royal Institute of Blind People (RNIB) website has been targeted by hackers which has resulted in their customers being defrauded.

It is understood that 817 customers of the RNIB website were affected when the on-line shop was compromised on 16th November. A number of customers have reported suffering from fraudulent activity as a result of this cyber attack.

An investigation is underway and it is expected that further information will be made available in the coming weeks. It is not known if the ICO has yet been advised of this incident.

4th December

PayPal has announced that its recently acquired TIO Networks has suffered a data breach where PII details of 1.60 million customers may have been affected.

An investigation has shown that unauthorized access was obtained to TIO Networks’ systems. The attack was carried out in July this year but it is unclear as to whether the data breach occurred prior to the acquisition by PayPal. The information accessed appears to be social security numbers.

All customers impacted are in the process of being alerted to the data breach with credit monitoring being offered to the affected individuals which would normally be for a period of 12 months.

1st December 

As reported earlier in the year, Morrisons supermarket were facing a court case whereby an employee had stolen data and posted this on-line and the affected employees were making a claim against the company. The data included salary and bank details of the employees.

The High Court ruling has stated that those impacted by the data breach are allowed to claim compensation for the “upset and distress” that this has caused. Morrisons feel that this is unreasonable and will be appealing against the decision.

This is the first class action in the UK of this type and could lead to other similar claims being made where a group of individuals have been subject to a data breach as a result of the compromise of a firm’s computer systems.

November Cyber News

30th November 

Clarksons, the shipping service provider, has announced that it has suffered a data breach which, it is understood, was the result of a single and isolated user account being accessed. The firm is in the process of notifying its customers and an investigation is under way.

The data is understood to be of a confidential nature and Clarksons are working closely with lawyers and the police in order to mitigate the incident and to protect their customers.

It is not yet understood when the breach took place and further details are expected to be released shortly.

21st November

Uber have revealed that hackers gained access to 57 million driver and rider accounts; however, the company have said that they had kept the data breach a secret for over a year. It is believed that Uber paid a $100,000 ransom to the hackers to destroy the data and to keep the matter out of the public domain.

The cyber attack took place in October 2016 when hackers managed to gain access to e-mails and telephone numbers of nearly 57 million customers, also accessing the details of 600,000 drivers. The news of the breach was contained within the company, with the new CEO only learning of the breach two weeks after he took over the position.

Inquiries are under way as to why it took Uber so long to advise of the data breach, despite the fact that most US states now have in place notification requirements to regulators to advise of the compromise of personal data.

16th November

Forever 21, an online retailer in Los Angeles, has revealed that there may have been unauthorized access to data from customer payment cards. An investigation is underway in order to discover how this took place. The information to date is rather sketchy, with the retailer either unwilling to reveal further information or still unaware of the full details of the attack.

Reports have indicated that encryption in some of their point of sale devices may not have been in place.

The investigation that is taking place is understood to be focusing on the months between March and October this year.

Forever 21 runs 815 stores in 57 countries which could mean that the scale of the data compromised will be significant.

14th November 

The builders’ merchant Jewson have advised their customers that they have suffered a security breach whereby credit and debit card details may have been compromised.

It is believed that the hackers were left undetected for a number of weeks, with time to explore the computer systems of Jewson. The source of the attack was a piece of code found in the Jewson Direct website, which has now been removed.

It is believed that this occurred in August this year, with the ICO being advised of this earlier this month. A forensic investigation is being undertaken in order to ascertain the extent of the cyber attack. It has also been recommended that customers monitor their accounts for any suspicious activity, and to assist with this they have been provided with a 12 month membership of Experian ProtectMyID.

It is not yet known how many customers might have had their data compromised.

9th November 

Electroneum, a new British cryptocurrency start-up, has suffered a distributed denial of service (DDoS) attack which resulted in investors being locked out of their accounts for a number of days. The website and mobile app were due to be launched last week but this was unable to take place.

The business estimates that 140,000 people hold its token, which is claimed to make this type of currency easier to use. Criticism has been aimed at the firm by users for not carrying out adequate testing of their systems.

Businesses such as these, which rely on unregulated crowdfunding sales, do not have any investor protection, and in the event of a loss it would not be possible to recoup lost funds.

9th November 

It is understood that developers coded credentials for accessing text messages and making calls via Twilio Inc. into their apps in error. As a result, it was possible for hackers to access these details by examining the code in these apps, which would enable them to access data that was sent over these various services.

Apps affected include AT&T Navigator and a number of GPS apps on Android and Apple’s iOS mobile phones as reported by Appthority, a cyber security consultancy.

Twilio Inc. saw their shares drop by 7% once the report was released.

1st November

A Russian cybercrime group is thought to be behind “The Silence Trojan”, which has focused on financial institutions in Russia, Armenia and Malaysia. The attack takes place through e-mails containing malware, with already compromised banks being used to send infected e-mails from the addresses of real bank employees. Once the attachment to the e-mail is opened it releases a payload onto the computer. This instantly sends the ID of the compromised computer to the hackers’ command and control server, which then sends down the Trojan.

The hackers then wait, monitoring day-to-day activity in order to review the bank’s network, and then steal the money at an appropriate time.

It is not known how much money has been taken from the affected banks.

October Cyber News 

30th October

London Bridge Plastic Surgery, which is based in Marylebone, has suffered a cyber attack where it seems that sensitive images of celebrities have been stolen.

The matter has been reported to the Metropolitan Police and comes after a spate of similar attacks on US clinics.

It is believed that the hacking group the Dark Overlord was responsible for this, as they sent stolen photos to a US news site. The hacking group state that they have an entire patient list with photos which they have threatened to release; the “medical dump” is promised to be on a large scale.

24th October 

A new strain of ransomware called “Bad Rabbit” has been identified which is spreading in Russia, Ukraine and other parts of the world.

The systems compromised include three Russian websites, an airport in Ukraine and an underground railway in Kiev. Similarities exist to the WannaCry and Petya ransomware attacks that took place earlier in the year throughout the world.

Two of the affected websites are Interfax, which is a Russian news agency, and Fontanka.ru, another media firm. The Russian Central Bank have also reported attacks on the systems of Russian financial institutions.

Bad Rabbit encrypts the contents of a computer and requests payment of 0.05 bitcoins. The malware is undetected by many anti-virus programs and has been distributed by a bogus Adobe Flash update.

24th October

Appleby, the offshore legal firm based in Bermuda, has advised that it suffered a cyber attack last year which resulted in client data being compromised.

The clients affected are understood to be some of Britain’s richest people and include banks, FTSE 10 and Fortune 500 companies. It is believed that the breach occurred in May 2016.

It is understood that further details of the leaked documents are to be released in the coming days/weeks, which will no doubt be sensitive due to the nature of the individuals and businesses involved.

21st October

It has been revealed by the National Cyber Security Centre that Northern Ireland infrastructure has been subject to significant cyber attacks from foreign states. The reason for this is believed to be to find out how systems work so that they can be compromised in the future.

Attacks on critical infrastructure are a major concern to all countries as the impact can be very severe, affecting the fundamental safety and power sources that they depend upon.

18th October 

Domino’s Australia have suffered a loss of customers’ personal information. The Australian Information Commissioner is to investigate, but it appears that this was not the result of a cyber attack on their computer systems but stemmed from a former supplier’s systems.

Customers have been receiving spam e-mails from sources that knew their names and addresses. Domino’s, it seems, did not notify its customers of the breach, which has not gone down well and shows how important it is to manage a data breach.

In Australia mandatory data breach notification does not come into force until February 2018.

16th October 

The production firm Mammoth Screen, who were commissioned by Channel 4 to make a film about a British nuclear scientist taken prisoner in North Korea, have been hacked. The program, entitled Opposite Number, has for the time being been shelved. The hackers are believed to be from North Korea.

When the program was announced, North Korean officials were unhappy with this and asked the government to pull the proposed series. Channel 4 were originally targeted but it is believed that the production company were the ultimate target.

It is understood that British Intelligence were advised of the attack.

15th October

Swedish transport authorities have been hit by a DDoS attack that brought down a number of IT systems, causing delays to trains.

The first recorded attack was on the Swedish Transport Administration (Trafikverket), where the website went down, making it impossible to make bookings or access travel information for trains. Two other public transport operators were also hit a few days later.

The source of the attacks is as yet unknown; however, speculation has suggested a nation state attacker who wanted to infiltrate the Swedish transport infrastructure.

13th October 

Hyatt Hotels have been hit by a cyber attack where 41 of their outlets in 13 countries have seen their payment system breached with 18 of these being in China.

Unauthorized access took place between March and July this year, where names, card numbers and expiration dates were seemingly compromised. Guests that may have been impacted have been contacted and advice provided as to what action to take.

An internal investigation has been undertaken by the hotel group which is expected to provide further information as to the cause of the breach.

This is not the first time that Hyatt have had their payment processing system targeted; in 2015 it was infected by a malware attack that affected 250 hotels in 50 countries.

12th October

The Australian government has released a statement that revealed that a hacker breached a domestic national security contractor last year and stole data that related to plans for military jets.

It is understood that the hackers breached the company’s IT help desk portal by exploiting a 12-month-old vulnerability in the software that the contractor had failed to patch.

It is not known who carried out the attack; the hacker was known as “Alf”, and it is believed that the hacker had access to the systems for about four months. The hacker has not been identified but it may have been a nation state actor or a group of cyber criminals.

Reports have stated that the data that was obtained related to commercial rather than military data and was not classified; nevertheless this is still a serious breach which again appears to have resulted from software not being updated.

10th October

Far Eastern International Bank in Taiwan has been hit by a cyber attack where hackers planted malware on its servers and sent unauthorized messages through the banking Swift network. These were routed to accounts in Cambodia, Sri Lanka and the USA.

$60,000,000 was stolen from the bank but it is understood that all the money has been recovered apart from $50,000, with two men being arrested in Sri Lanka.

The Taiwan Premier has subsequently ordered that all government agencies review their information security defences.

The Swift banking system was subject to cyber attacks last year affecting a number of banks around the world.

8th October

The first UK data leak class action is just about to begin in the High Court. Thousands of Morrisons staff are claiming compensation for the distress caused by their personal details being posted on the internet. This was as a result of a security breach in 2014 when Andrew Skelton leaked the payroll of nearly 100,000 employees, which included names, addresses, bank account details and salaries; this was then placed on-line and sent to the newspapers.

Andrew Skelton was found guilty in 2015 of fraud and disclosing personal data and was jailed for 8 years. The motive for his actions was a grudge over an incident where he was accused of dealing in illegal highs whilst at work.

The employees claim that the data breach increased the risk of identity theft and possible financial loss and that Morrisons failed to keep their data safe. Morrisons denies liability. The trial, which is only set to determine liability, is scheduled to last for two weeks.

4th October

Last year Yahoo revealed that the 2013 cyber attack had compromised one billion accounts; however, it has now announced that the attack was far greater and may have affected all three billion of Yahoo’s user accounts.

This was ascertained after forensic investigation had helped determine the true extent of this attack. Verizon Communications, who acquired Yahoo earlier this year, have since invested in further security, which also helped make this discovery.

The personal details obtained included names, dates of birth, phone numbers and passwords. It is also believed that it included security questions and back-up e-mail addresses. The hackers are rumored to have emanated from Russia.

Yahoo used MD5, which is not believed to be a strong hashing algorithm, so passwords hashed using this could be more vulnerable.

This attack remains one of the largest data breaches ever recorded.

September Cyber News

26th September

The Irish National Teachers Organisation (INTO) have suffered a data breach which is believed to have been carried out by hackers overseas.

It is understood that up to 30,000 teachers have had their data compromised in the attack. The attack allowed the hackers to access names, e-mail addresses, gender and course information. In some instances mobile phone numbers and teacher registration numbers were accessed; however, no passwords were accessed.

The reason behind the attack was to use the website’s server as a base from which to send spam messages.

This attack has been reported to the Office of the Data Protection Commissioner.

25th September 

Deloitte, one of the “big four” accountancy practices have been hit by a hacker that has compromised the confidential e-mails and business plans of some of its major clients.

It is believed that the cyber attack went unnoticed for a number of months before the consequences of the attack were discovered. So far it is understood that only a small number of Deloitte’s clients have been affected and have been informed of this incident.

The cyber attack was thought to have occurred in March this year; however, it could have gone back as far as November last year.

The attack seems to have occurred through an administrator’s account that can provide unrestricted access to most areas of a business. The source of the attack is unknown as to whether it was maybe a business competitor or a state sponsored

Deloitte have launched an internal enquiry into this cyber attack.

8th September 

Equifax, the US credit report agency, has advised that 143 million customers have had their personal information compromised as a result of a cyber security breach. The data accessed is understood to be social security numbers, dates of birth and addresses. UK and Canadian customers were also affected but not to the same extent.

It is believed that the cyber attack occurred between May and July this year.

The hackers gained access by exploiting a website vulnerability but as yet no further details are available.

A cyber security firm is working with Equifax to ascertain what happened, and the FBI have also been briefed. Regulators in other countries have also been informed. This includes the ICO here in the UK.

Equifax will implement credit monitoring and identity protection for the affected customers for 12 months.

5th September 

Student Loans Company are being targeted by a phishing scam which is aimed at first time students. E-mails claim to be from the Student Loans Company but instead transfer the victim to another website where personally identifiable information is stolen.

The phishing attack states that accounts have been suspended and requests additional information in order that the account can be reactivated.

Action Fraud have issued warnings of this scam and it looks as if a wider section of students are now being hit by this phishing attack.

4th September 

Six million Instagram accounts have been compromised online as a result of hackers creating a dark web database of personal information by managing to access their details for $10 a time. The information obtained related to private telephone numbers and e-mail addresses.

Details of the attack were subsequently discovered after the Instagram account of Selena Gomez was hacked. Further details were also discovered of other celebrities on the dark web.

A Russian group called “Doxagram” have claimed responsibility for the attack.

Instagram have now fixed the bug which caused the vulnerability and have provided guidance to its users on how to protect themselves.

August – Cyber News

30th August 

A spambot called Onliner Spambot has compromised 71.1 million e-mail addresses and passwords. Spammers use these credentials to send out software spam which gets around spam filters by using legitimate e-mail servers.

The discovery of this was made by a security researcher by the name of Benkow, who uncovered an open web directory on a web server that was being used by Onliner. The spammers use credentials harvested from other security breaches, which included the LinkedIn hack from 2012 and various phishing attacks.

28th August

NHS Lanarkshire has been the subject of a ransomware attack which resulted in a number of appointments and procedures being cancelled. It is believed that the attack was not related to the WannaCry or NotPetya ransomware strains.

It is understood that the source of the malware attack has been identified and investigations are on-going as to how the computer systems were compromised.

Security software was up to date but this was apparently a new malware variant which had attacked the systems. An updated signature has been installed in order that this new variant can be detected in any future attacks.

22nd August

The Russian hacking group known as the Fancy Bears have released details of the names of three footballers who were cleared to use banned substances at the 2010 World Cup. The three were among 25 footballers given therapeutic use exemptions during the tournament in South Africa.

The group also claims that 160 players failed drugs tests in the 2015 World Cup.

This is the first time that Fancy Bears has leaked details of footballers.

15th August 

The Scottish Parliament has been subject to a sustained “brute force” cyber attack. The hackers were targeting the e-mail accounts of MPs by trying to crack their passwords. It does not appear that any e-mail accounts were compromised, but some MPs were locked out of their accounts. It is understood that the parliament’s computer systems remained operational throughout the attack.

This attack appears to be similar to the one that hit the Westminster parliament earlier this year, where 90 e-mail accounts of MPs were believed to have been accessed.

It is suspected that the attack may have been carried out by a Russian or North Korean agency.

14th August 

HBO continue to suffer at the hands of the recent cyber attack, where episodes of Curb Your Enthusiasm and Insecure have been leaked.

It is understood that HBO offered the hackers USD250,000 as a form of “bounty payment” in order to stop the release of any further episodes of shows from the television network.

The hackers have gained media attention from this incident and apparently seem keen to expose further information that might divulge details of other programs.

10th August 

The Ukraine’s National Postal Service has been hit by a two day cyber attack which hit its online system that tracks parcels. The attack was a Distributed Denial of Service (DDoS) attack against Ukrposhta’s website which took place on Monday and lasted until Tuesday.

This is not the first time that this has happened this year, as they were also impacted by the NotPetya ransomware attack last month.

9th August

TNT, who are owned by FedEx, are still suffering from the after effects of the NotPetya cyber attack that occurred last month. Manual processes are still being used to get packages out to its customers and this has resulted in the delivery of these packages taking longer than normal to get to their destinations. Delivery details have not yet been fully recovered, with this data still being encrypted and staff therefore being unable to send the packages out.

Some critical medical supplies, which were scheduled to be delivered to medical theatres in hospitals, have been delayed.

The late deliveries have had an impact on various walks of life: late delivery of furniture, small businesses relying on materials, a wedding dress arriving late but just in time for a wedding.

NotPetya occurred over a month ago and customers have been critical that the business has not yet fully recovered from this cyber attack. This is likely to lead to reputational damage of the business.

2nd August

Today offensive Swastikas and far-right images were displayed on a Cardiff City Centre billboard after a hacker gained control of the screens connected to the shopping centre’s computer systems.

The hacker claimed that there was a security vulnerability with the screens which the hacker was able to exploit. The billboard was controlled by Blow Up media. South West Wales Police stated that they had received a number of calls about the screens.

It is understood that screens were switched off in order that the compromise of the computer systems could be rectified.

This is not the first time that this has occurred; a shopping centre screen at Liverpool One was similarly accessed earlier in the year by a hacker who posted images stating that the screens had been hacked.

July – Cyber News

31st July 

Anthem, the US medical insurer, have been subject to a further data breach where it is understood that the personal health information of in excess of 18,000 Anthem Medicare enrollees may have been compromised. This is believed to have been caused by one of their employees who had been involved in a case of identity theft.

Individuals whose data has been exposed will be provided with free credit monitoring and identity theft restoration services for two years.

This is the second major data breach that Anthem have suffered in the last two years, with Anthem agreeing a settlement last month of $115M in order to resolve a class action lawsuit.

31st July

Hackers have stolen the script for a forthcoming Game of Thrones episode as a result of a breach at HBO, the entertainment firm.

It is understood that 1.5 terabytes of data has been taken, with episodes of other programs also being posted on-line with the promise of further material being released in the future.

HBO have confirmed that a “cyber incident” has taken place and that information has been compromised. The matter is being investigated with the authorities having also been notified.

27th July

It has been revealed that Virgin America’s corporate network suffered a hacker attack earlier this year which has resulted in the affected employees having to change their passwords.

A total of 3,120 employees and contractors had their login information compromised. It is understood a further 110 employees may have had personal information stolen.

Details of how the hacker gained access to the network are not yet known; two factor authentication was used, so this restricted the options open to the hacker to gain access to the computer systems.

25th July 

It is understood that a cloud to cloud brute force attack has been carried out against Microsoft 365 users affecting high level employees at a number of Fortune 2,000 businesses.

The attack was believed to have been carried out by using well known cloud service platforms in order to carry out continual attacks on corporate Microsoft 365 accounts.

The pattern of attacks was “slow and low”, and they were carried out on 48 different businesses, targeting senior individuals within these businesses.

With sensitive data being transferred to the cloud by many businesses nowadays, the cloud will become more of a target for hackers.

24th July

It has been announced by the Department for Digital, Culture, Media and Sport that an investment of GBP14.50M will be made in a new Innovation Centre in London in order to develop the next generation of cyber security technology. The investment will take place over the next three years with the main aim of reinforcing the UK’s cyber security defences.

Businesses involved will be a cross section of large and small firms, innovative start-ups and industry specialists.

There is already an innovation centre in Cheltenham which was launched earlier this year, so the London centre is the second of its type to be set up in the UK.

24th July 

The Swedish Government has announced that a significant data leak occurred in one of its own departments during an outsourcing incident in 2015.

Confidential data concerning military personnel, together with defence plans and witness protection details, were leaked by their Transport Agency.

It is not known if the data in question was deliberately released and the government does not appear to be immediately concerned by the data loss.

http://www.bbc.co.uk/news/technology-40705473

14th July 

The Solicitors Regulatory Authority (SRA) have revealed that they are seeing an increase in the number of UK home owners being targeted during the conveyancing process.

A hacker will impersonate the buyer’s solicitor by way of a false e-mail address requesting that they transfer funds to a different bank account. This can also occur where the hacker pretends to be the seller asking that the solicitor transfers the funds to another bank destination.

Once the funds have reached the hacker’s account they are rapidly transferred to another bank account and then moved to other offshore accounts, which makes them very difficult to trace.

During the first three months of this year the SRA advised that GBP3,000,000 had been stolen in 45 recorded incidents. Furthermore the National Fraud Intelligence Bureau advised that the average loss per individual was GBP101,000.

13th July

Bupa have suffered a data breach that has affected approximately 500,000 customers.

It is understood that a Bupa employee has inappropriately copied and removed international health insurance plan details, which included names, dates of birth, contact and administration information.

The employee has been dismissed by Bupa, with legal action likely to be taken against the employee in question.

The ICO has been made aware of the incident.

This is a good example of how insider threats can caused disruption and reputational damage to a business.

9th July

Hard Rock and a number of other hotel chains have been hit by a breach of their hotel booking system. The system is a platform provided by Sabre Hospitality Solutions, who have issued a statement that hackers have obtained full card details of customers, with fraudulent holiday bookings being made.

The number of hotels affected is 11 in the USA.

It is believed that Loews and Trump Hotels have also been impacted by this breach of their booking systems.

June – Cyber News

27th June

An ICO investigation has found that Boomerang Video Limited failed to take basic steps to prevent its website being hacked, which ultimately allowed its customers’ data to be compromised.

In 2014 more than 26,000 of Boomerang Video Limited’s customers had their data accessed by an SQL injection.

The ICO findings included the following:

Failure to carry out regular penetration testing on its website.

Failure to ensure that the password for the WordPress account was sufficiently complex.

Some information was unencrypted, and the information that was encrypted could still be accessed because the encryption key was not kept secure.

Encrypted cardholder details and CVV numbers were held for an unacceptable period on the web server.

The fine imposed by the ICO was £60,000 and this could have been a lot larger if the General Data Protection Regulations were in place, which will be the case this time next year.

24th June

Which? magazine has revealed, after a study, that hackers could access Virgin Media’s Super Hub 2 router, which would allow access to a user’s numerous smart devices. Devices that could be affected include, for example, CCTV cameras and children’s toys.

Virgin Media have advised that they feel the risk is small but have nevertheless told 800,000 customers to change their passwords to help prevent a possible compromise of their router by a hacker.

The Which? study tested 15 devices, of which 8 had security flaws. In one test a home CCTV camera system was hacked using an administrator account which was not password protected. As a result of this hackers were able to watch live pictures.

This is a good example of an “Internet of Things” cyber attack, where connected devices can be compromised remotely with a hacker taking control of one or more devices. This is a worrying area and one that can impact both businesses and individuals.

20th June

Nayana, a South Korean web-hosting firm, has apparently agreed to pay a ransom of $1M as a result of a ransomware attack.

This is believed to be a record amount to be paid, or at least the largest amount in the public domain, as it is not always the case that ransom payments are revealed. The ransom originally requested was $4.40M but was negotiated down to $500,000; however, it is understood that the hackers increased this to $1M at the last minute.

The ransomware strain was Erebus, which targets computers running Microsoft Windows and was modified to work on Linux-based systems.

This is a high profile attack and will further help highlight the perils of ransomware attacks, following closely in the wake of the WannaCry attack last month.

19th June

Skype have been subject to a DDoS attack from a group called CyberTeam which prevented users from accessing the Skype services.

It was initially reported that users were losing connectivity or were unable to send or receive messages. In response to this Skype made some configuration changes to their systems in order to try and rectify the situation. It is understood that the matter has now been resolved.

It is not known how many users were affected; however, it appears that no data was stolen during this attack.

CyberTeam seem to be establishing themselves as a DDoS specialist, making claims that there will be future attacks on specifically targeted businesses.

16th June

Gloucester City Council has been fined £100,000 by the Information Commissioner’s Office (ICO) as a result of employees’ personal data being compromised by a hacking attack in 2014.

Approximately 30,000 e-mails containing financial and sensitive information of between 30 and 40 members of staff were compromised. These were accessed from the council’s mailboxes during the cyber attack. It is believed that the attack was undertaken by the group Anonymous.

At the time, the well-known Heartbleed bug, an information disclosure vulnerability, was the entry point for the attack. It makes it possible for a hacker to access the contents of a server’s memory.

A patch had been made available but it is understood that Gloucester City Council did not apply this as they were in the middle of outsourcing their IT services to a contractor which left part of their computer systems vulnerable to a cyber attack.

9th June

Game developer CD Projekt Red has been subject to a cyber extortion attack but has not acceded to the extortionists’ demand.

It is understood that files for the forthcoming video game Cyberpunk 2077 were obtained and that a threat was issued that these would be published on-line. It is not yet clear how the files were accessed, whether via a data breach or whether they were physically taken.

The media and entertainment industry seems to be a popular target for hackers following the recent Netflix and Disney cyber attacks.

8th June

Britney Spears’s Instagram account has been subject to a malware attack which has then been utilized to co-ordinate subsequent attacks.

The malware was called Turla, which was used to post comments relating to pictures on the Instagram account.

During the time that the malware was active very few comments were posted on the account.

May – Cyber News

31st May 

Grozio Chirurgija, a plastic surgery clinic in Lithuania, has suffered a data breach which has resulted in more than 25,000 private photographs being posted on-line. It is understood that passport and credit card details were also taken.

A number of patients in Denmark, Germany, Norway and the UK have received ransom demands of up to €2,000.

Back in April the clinic received a demand for €344,000 from the group claiming to have carried out the attack, stating that this was a “small penalty fee” for having vulnerable computer systems. The clinic refused to pay and the photographs were released. It is believed that a hacking group called Tsar Team was responsible for this attack.

The Lithuanian Criminal Police Bureau are investigating the data breach.

30th May 

Chipotle Mexican Grill restaurants have been hit by malware that enabled hackers to steal their customers’ payment data. It is not known how many payment cards or customers have been impacted by the breach but it is believed that most of the chain’s 2,250 restaurants have been affected.

It is understood that the breach occurred between 24th March and 18th April this year. The data stolen included account numbers and internal verification codes.

The investigation that is on-going has identified that the malware searched for data from the magnetic stripe of customers’ payment cards.

Due to the size of the breach and the number of records that have been compromised it is likely that Chipotle will face a fine from the authorities.

29th May 

Liverpool One shopping centre has suffered an embarrassing compromise of its computer systems. A large digital billboard outside the shopping centre was defaced by hackers, showing the message “We suggest you improve your security, Sincerely your friendly neighbourhood hackers”.

The message was tagged “#JFT96” which stands for “Justice for the 96” relating to the 1996 Hillsborough disaster.

The screens are operated by an external company, Elonex, who are carrying out an investigation into the incident.

This is perhaps another example of a computer system that may have been overlooked as being vulnerable to a cyber attack. It does demonstrate that it is important to assess all systems and what they are linked to.

18th May

Zomato, the Indian restaurant app, has reported that 17 million of its users’ passwords may have been compromised as a result of a hacker attack.

Users have been advised to change their passwords; however, it is not thought that any banking details have been taken.

It is believed that Zomato were using an outdated algorithm to hash its users’ passwords, which made it easier for the hackers to gain access to their systems.

16th May 

Bell Canada, the telecoms company, has revealed that 1.90M customer details have been compromised. This is about 10% of their total customer base.

To date there is no indication that any personally identifiable information has been stolen.

It is understood that the Privacy Commissioners Office are investigating this breach.

13th May 

The ransomware cyber attack that hit the NHS yesterday, now known as WannaCry (as reported in our Cyber Crime and Data Breaches section), has also hit the Sunderland car manufacturing plant of Nissan, which resulted in the manufacturing systems going down.

The attack started to take effect yesterday from 5pm and by 10pm the production line had been hit; however, it is not clear what effect this has had on the actual production of cars.

Nissan are now carrying out a full investigation into the cyber attack.

Further reports have been received that the ransomware attack hit Renault, FedEx, a German train station and government buildings in Russia.

11th May 

A ransomware attack on Netflix has resulted in a number of episodes being released on a pirate website.

The first 10 episodes of series 5 of “Orange is the New Black” were stolen from Larson Studios, an audio production company, at the end of 2016. Larson Studios was a third party vendor to Netflix and it was their systems that were compromised, which led to the series being stolen.

It is understood that Netflix did not pay the ransom and as a result of this the series was released onto the pirate website. The amount of the ransom was believed to be 30,000 bitcoins (£53,000).

9th May 

Microsoft has issued an urgent update in order to stop hackers taking control of computers via a single e-mail.

The bug has been found in Windows Defender, which is Microsoft’s anti-malware software, and can be exploited without the recipient even opening the e-mail.

It is possible for hackers to take advantage of this by sending an infected e-mail or an instant message, or by getting the user to click on a browser link. Windows Defender then just needs to scan the malicious content in order for the virus to be activated.

4th May

Hotpoint’s UK service websites, which host repair advice and manage link services to warranty forms, were attacked by hackers for a period of six days. During this time users were directed to a number of suspicious websites.

The attack took place just before the Easter break and it was at least four days before their IT services were able to respond to this because of the holiday period.

It is understood that fake Java update dialogs started to appear on the Hotpoint websites, where clicking on the JavaScript then sent malware into the computer system.

Hotpoint have now addressed this situation and believe that no users’ data has been taken.

3rd May

Google Docs has suffered a phishing scam whereby users received an e-mail from one of their contacts which invited them to view a file on Google Docs. When they clicked on the link they were taken to the Google login page and asked to allow the application “Google Docs” to obtain access to their Google account. As a result of this the application was provided with permission to manage their Gmail account and contacts.

Google have advised that only approximately one million users had their accounts compromised.

The accounts affected have now been disabled in order to remove the fake pages.

Google are now implementing new measures to reduce the dangers of spoof e-mails.

April – Cyber News

27th April

A psychiatric centre in Bangor, Maine has suffered a hacker attack whereby personal information of 4,000 individuals has been stolen.

The information taken included medical details such as diagnosis notes, names, addresses and social security numbers.

The actual attack took place last month as a result of the hacker getting through password security on the computer system which permits the employees of the centre to access the patient files remotely.

It is understood that notification letters are being sent to the patients advising them of the breach and that credit monitoring services have been offered.

20th April

U.K. based Intercontinental Hotels Group (IHG) has revealed that 1,200 of its franchises around the world have been subject to a payment stealing malware attack. This included hotel brands within the group such as Holiday Inn Express and Crowne Plaza.

Guests have been warned that they may have had money stolen as a result of this attack, which occurred during the period from 29th September and 29th December last year.

It is understood that IHG have offered its franchised properties a free forensic examination to ascertain if they have been infected by the malware, but it is believed that there has been limited response to this and consequently further breaches may have taken place.

IHG has encouraged the group to install secure payment solutions which ensure that customers’ data is encrypted at all times. The properties who have had this installed were unaffected by the malware attack.

18th April

Hackers recently set off 156 Dallas emergency sirens late at night. The sirens operate via a radio communications system as opposed to utilising the internet.

It is believed that the hacker either managed to gain control of the radio communication system or gathered control of the privileges that then provided access to manipulate the emergency sirens.

The consequences were loss of sleep for the population and jamming of the emergency services. This infrastructure hack is part of a growing trend that could lead to far more serious implications if, for example, power plants or electricity grids were targeted.

16th April

The RingGo parking payment application has been subject to a significant data breach.

It is believed that thousands of RingGo users have had their personal details shared with other customers following a recent update that took place on the application.

This came to light when motorists found out that other users were logging into their accounts and that users were also being denied access to their own accounts, despite the login details being correct, or being requested to change their password.

The car parks affected were run by Kirklees Council in Huddersfield.

RingGo believe that as many as 2,000 people may have been affected out of the 18,000 who had downloaded the application.

10th April

Wonga has suffered a data breach that may have affected up to 245,000 customers in the U.K. with a further 25,000 customers also possibly being impacted by the breach.

These figures suggest that this could be one of the biggest breaches in the U.K. to date.

It is understood that full bank card details were not taken but details such as names, addresses, sort codes and the last four digits of the cards may have been compromised. The TalkTalk breach of 2015 did not include any financial data, so this is a worrying development that hackers are becoming more sophisticated and capable of accessing more precise financial information.

Wonga is carrying out an internal investigation into the breach and the nature of how it was caused. The ICO will also no doubt be carrying out their own enquiries into the compromise of customers’ personal information.

9th April

It has been revealed that a team of cyber bank robbers infiltrated a Brazilian bank and took control of the entire computer system.

This was apparently achieved by changing the Domain Name System (DNS) registrations of all the bank’s online properties and taking over its desktop and website domains which took users to phishing sites that matched the official websites.

In layman’s terms, users were redirected to websites that they thought were the original websites. This therefore allowed the hackers to steal login details.

The extent of the losses incurred by the bank or its customers has not yet been disclosed.

1st April 

McDonald’s Canada’s career website, which contained personal details of job applicants, has suffered a security breach affecting around 95,000 individuals.

It is understood that the compromised data consisted of applicants’ names, addresses, e-mail addresses, phone numbers and employment history, with no details such as social insurance numbers or bank account numbers, as this type of information was not required in the application process.

The online website was shut down and an investigation instigated. The impacted individuals have been notified. In the meantime applicants will have to apply for positions in person.

March – Cyber News 

24th March

A Lithuanian man was arrested this week in connection with a $100 million phishing scam.

An Asian computer hardware manufacturer was registered in Latvia, whereby various bank accounts were opened. Phishing e-mails were sent pretending to be legitimate e-mails from the hardware manufacturer, where employees of the firm were induced to wire a total of $100 million to various locations around the world.

17th March 

It is understood that the Association of British Travel Agents (ABTA) have suffered a hack attack which has exposed data of 650 ABTA members and 43,000 consumers. The breach was apparently carried out late last month.

The attack was made against ABTA’s third party web developer and hosting provider by exploiting a vulnerability in order to access the data. The data consisted of customer information, including complaints about ABTA and membership related data.

ABTA have called in incident response consultants in order to assist in the management of the data breach.

The affected parties are in the process of being notified, as has the ICO. A helpline has also been set up for individuals should they be concerned about a possible loss of data.

The majority of records that have been compromised contained e-mail addresses and encrypted passwords, but it is believed that further sensitive information such as names, addresses and telephone numbers was also accessed.

https://www.theregister.co.uk/2017/03/16/abta_breach_data/

6th March 

River City Media, a spam operator with a database of circa 1.4 billion records containing names, IP addresses and in some cases a physical address, have had their systems compromised, which could result in one of the largest data breaches of the year.

It is believed that the database contained sensitive information about the company’s operations and that no usernames or passwords were in place to protect the database.

A repository of network back up files linked to River City Media was discovered by security researcher Chris Vickery and Steve Ragan of CSO Online, who believe that this presents “a tangible threat to online privacy and security”.

http://thehackernews.com/2017/03/email-marketing-database.html

February – Cyber News

20th February

A German privacy telecommunications watchdog has asked parents to destroy or disable a “smart” doll as it can be used to spy on children.

The doll, My Friend Cayla, is manufactured by a US company called Genesis Toys and distributed in Europe. The doll allows children to access the internet via speech recognition software and to also control the toy by using an app.

Germany’s Federal Network Agency have classified the doll as “illegal espionage” apparatus, which could lead to retailers and owners being fined if they still stock the doll or fail to disable its wireless connection.

It is understood that hackers could access the doll via a Bluetooth connection, listening in on conversations as well as being able to speak directly with the child playing with the doll.

There could be wider ramifications for toy makers as concern has now been raised on children’s privacy and safety.

14th February 

The Queen today officially opened the National Cyber Security Centre in Victoria, London. The NCSC has actually been in operation since October last year and is part of the GCHQ intelligence agency that is based in Cheltenham.

The main purpose of the NCSC is to help protect against cyber attacks on government and business but also to protect the economy and wider society in the UK.

The UK has a thriving digital economy and therefore a strong reliance on technology; a major cyber attack would mean that the £180,000,000 sector would be at risk.

Since the commencement of the NCSC they have identified 188 cyber attacks which would be classified as Category Two or Three. The UK has not yet seen a Category One attack.

The NCSC will be based on volunteers with funding also being provided for the secondment of individuals to 100 corporations.

Legal powers are invested in the NCSC where they can go after adversaries who attack them but this would only be in very serious cases.

One of the projects currently being worked upon is to pro-actively discover vulnerabilities in public sector websites in order to help government departments better manage situations of e-mail spoofing and phishing attacks. The government is also a focus of cyber security measures with a view to these being rolled out on a wider scale to industries.

9th February 

Isis-linked hackers have targeted a number of NHS websites in the south-west of England, which showed distasteful images of the Syrian civil war.

It is thought that the NHS was chosen because it is very much a British public institution and the attack hits on something that impacts on the public, which is their health.

The attack took advantage of possible vulnerabilities in the security systems.

A total of six websites were compromised by a group called the Tunisia Fallaga Team but no personal data was accessed or stolen.

The government had recently warned the NHS that they could be subject to cyber-attacks.

8th February 

It is understood that Sports Direct were hit by a data breach last September, however the 30,000 workforce were not informed of this.

The hacker accessed internal computer systems which contained employees’ personal information. Access was gained via public vulnerabilities which affected the unpatched version of the DNN platform that Sports Direct utilize to manage a staff portal.

Employees’ unencrypted data was stolen during the breach, which included names, e-mail and addresses. It is understood that the staff at Sports Direct are concerned that their personal data could have fallen into other parties’ hands.

The ICO were notified of this incident and are carrying out a full investigation.

2nd February 

A town clerk working for Tiverton Town Hall in Devon inadvertently opened an e-mail that contained a virus which wiped out all the council documents since 2015.

The e-mail arrived in the main e-mail inbox claiming to be from a parcel delivery firm. The instructions stated that the parcel needed to be collected and that the URL link supplied in the e-mail would lead to a page that contained details of how to retrieve the parcel. The virus was then activated and infected all of the council’s records.

The person responsible said that the e-mail appeared suspicious when it arrived but was apparently opened in a rush. The virus was a ransomware attack and requested that £3,000 be paid in exchange for the encryption key.

The documents lost were mainly letters sent by households and did not include finance and planning information as these were on a separate computer system.

January – Cyber News

30th January 

It is understood that a hacking group named Team System Dz took over Aberdeen City Council’s website for three hours. The group claimed that the council was targeted in response to Donald Trump’s travel ban on Muslims.

The website homepage was attacked on Saturday night and replaced with a screen that said “Hacked by Team System Dz” and made reference to the words “Security Stupidity”.

The hacking group is believed to be based in Algeria and has been responsible for over 200 attacks around the world.

An investigation is underway as to how the attack occurred; the council have, however, stated that no data was stolen as it was only a front end attack.

23rd January

The interruptions to Lloyds Bank on-line services that occurred two weeks ago were caused by a denial of service attack (DDoS). This prevented its customers from accessing their on-line accounts and accounts on mobile apps. It is understood that the attack lasted over a week and included the Halifax and Bank of Scotland.

The attack did not cause a compromise of the customers’ accounts and no personal banking details were stolen.

An investigation is underway so as to ascertain the cause of the attack.

13th January

Barts Health Trust has been hit by a Trojan malware attack which affected four of its hospitals in east London: The Royal London, St Bartholomew’s, Whipps Cross and Newham. At first it was thought that the cyber attack was caused by ransomware but this now appears not to be the case.

The Trust was targeted by a phishing attack which led to malicious software being spread throughout their Windows XP operating system. The Trust operates a file sharing system between its departments which has been isolated whilst an investigation is taking place.

It is understood that the Trust has triggered their contingency plans in the event of such a scenario. The initial investigation shows that no patient data was accessed.

A typical Trojan attack once activated can be used to copy, block, delete or modify a user’s data. This form of Trojan attack is one that has not been seen before.

10th January 

The ICO has fined the Royal & Sun Alliance plc £150,000 following the loss of personal information of almost 60,000 policy holders.

The fine was made due to the theft of a hard drive from one of its offices, which may have been as a result of an insider or contractor being responsible for this.

The investigation carried out by the ICO revealed that 59,592 policy holders’ names, addresses and bank account details, including account numbers and sort codes, were compromised. It was also ascertained that the device held some details of credit cards. The information was not encrypted and the device was not recovered.

The ICO found the Royal & Sun Alliance plc did not have appropriate measures in place to protect financial information to prevent the theft from its West Sussex offices.

https://ico.org.uk/about-the-ico/news-and-events/news-and-blogs/2017/01/150-000-fine-for-insurance-company-that-failed-to-keep-customers-information-safe/

10th January  

It is understood that the Los Angeles Valley College has paid $28,000 (£22,500) in bitcoins as a result of a ransomware attack by a hacktivist.

The ransomware attack was detected but it was too late to prevent thousands of files being encrypted, as computer staff were locked out of a number of essential fields held on the servers. Apart from the data being lost, other services were put out of action, which included the College’s network, e-mail and telephone system.

The decision to pay the ransom was not taken lightly and was only carried out as a last resort with the College’s students having just returned for the new term.

The College had taken out cyber insurance and it is believed that this was a factor in their decision to pay the ransom, as the policy would contribute to some of the costs incurred by the attack. The fact that the policy provided access to a cyber response incident team helped manage the compromise of the College’s computer systems.

The source of the attack on the College is not yet known.

https://nakedsecurity.sophos.com/2017/01/10/us-college-pays-28000-to-get-files-back-after-ransomware-attack/

6th January

UK schools are a new target for cyber crime as revealed by Action Fraud this week.

It is understood that schools are being subjected to ransomware attacks where demands of up to £8,000 are made.

The attack is initiated by a cold call where the caller claims to be from the Department of Education and requests the head teacher’s e-mail address. An e-mail is then sent to the teacher with a virus contained within a zip attachment alleging to contain sensitive details. The file is then opened and a virus is spread throughout the school’s computer systems, with the ransomware taking effect and locking down the network.

It is therefore important that all schools review their cyber security procedures and remain vigilant when suspicious e-mails are received in their in-boxes.

http://www.theregister.co.uk/2017/01/06/ransomware_crooks_target_schools/

 
