Cyber Newsround will no doubt be as busy as it was last year with the cyber threat landscape ever evolving and presenting new and daunting challenges to individuals and businesses.
The City of New Orleans has been the subject of a significant cyber attack which has been severe enough for the mayor to declare a state of emergency.
Suspicious activity was noticed on the City’s network which resulted in the powering down of computers and the disconnection of Wi-Fi. It was later ascertained that this was a ransomware attack, the strain of which is unknown. It is understood that no actual ransom demand has been made.
The FBI are investigating and further details are expected to be announced shortly.
Windows users have been targeted with a hybrid ransomware and data stealer program that encrypts computers whilst in Safe Mode so that endpoint security can be compromised.
The malware, called “Snatch”, sets registry keys that instruct Windows to run it following a Safe Mode reboot. It then reboots the computer and starts encrypting the disk while it is running in Safe Mode. Most software, including security programs, does not run in a Safe Mode environment, which makes it possible to access systems.
It has been recorded that ransom demands have ranged from $2,000 to $35,000.
Sweaty Betty has suffered a cyber attack whereby a third party gained access to its website and inserted malicious code which was intended to capture data from customers at the checkout.
Affected customers have been advised of the incident, which it is believed took place at the end of November just before Black Friday. Data is likely to include names, passwords, billing addresses, e-mail addresses and payment card details.
It is understood that the ICO have been notified and that an investigation is being undertaken.
The National Cyber Security Centre (NCSC) has been assisting a nuclear power company in the UK after it was the subject of a cyber attack.
This was revealed in a Nuclear Decommissioning Authority (NDA) report which stated that a business in the Nuclear Power Generating Sector had been negatively impacted by a cyber attack.
No further details have as yet been made available in the public domain.
It has been announced that thousands of Disney customers have been hacked as a result of signing into its on-line streaming service.
Hackers have stolen Disney+ account details, which are understood to have appeared on the Dark Web. It is believed that the details may have been stolen by spyware installed on users’ devices or perhaps through the re-use of log-ins stolen from another source. It is possible that up to four thousand users’ details may have been taken.
In under a couple of hours hackers were selling the details of these accounts for only $3 each.
The Labour Party have been hit by two cyber attacks in quick succession in under a week. The type of attack was a Distributed Denial of Service (DDoS) attack, which is where computers are flooded with traffic with the intention of taking them offline and making them inaccessible.
It is believed that the attacks emanated from Russia and Brazil but no data was accessed or stolen. The incident was reported to the National Cyber Security Centre, who stated that the Labour Party followed the correct protocol in dealing with this matter.
Russian hackers have targeted sporting and anti-doping organisations around the world as a reaction to fresh doping allegations against Russia.
Microsoft have identified the attack as possibly coming from a group called Strontium, also known as Fancy Bear/APT28. These attacks are believed to have started in September, with 16 authorities targeted.
The attacks took the form of spear phishing, password spraying and the exploitation of internet-connected devices, using open source and custom malware. It is understood however that most of the attacks were unsuccessful.
UniCredit, one of Italy’s largest banks, has revealed that 3 million personal records of clients have been compromised. This is not the first data breach to be suffered by the bank; it is now the third cyber security incident despite investment in improving their systems.
It is understood that the breach related to a file containing e-mail and telephone numbers of clients but no actual bank details.
The Spanish city of Jerez de la Frontera has been hit by a ransomware attack requesting a bitcoin payment so that the city’s systems controlling its website could be released.
The amount of the bitcoin ransom has not been revealed. It is understood that the ministry of Spain has employed three computer experts in order to investigate and try and regain control.
The website will only be restored once it has been cleared as completely safe to access.
It has been announced that Airbus has been subject to a number of cyber attacks whereby its systems have been compromised via their supply chain.
The company has suffered four large scale cyber attacks all through different suppliers which are believed to include Rolls Royce and Expleo.
Hackers gained access via the VPN systems in an effort to access technical information on how Airbus components are certified and certain military details. It is believed that the Chinese might have been behind this attack.
Access via third party suppliers is increasing and it is important that cyber risk assessments are carried out on suppliers.
The individual who is behind the Football Leaks website, Rui Pinto, is facing charges over alleged hacking activities whereby sensitive financial information of European football clubs has been accessed.
The information published also included details about players’ and coaches’ contracts together with information on transfer fees.
The trial date has not been set; the trial will take place in Portugal after Rui Pinto was extradited from Hungary.
Wikipedia went off line for a period of time as a result of a large DDoS attack that targeted a number of countries including the UK.
The hackers managed to take down the website, with intermittent outages over a two-day period.
The Wikipedia engineering team have identified the issue and are working to rectify the situation.
Artificial Intelligence impersonating the voice of a chief executive has defrauded the CEO of a UK based energy company of £200,000.
It took place over a telephone call in which the impersonated chief executive requested that payment be made urgently to a Hungarian supplier within the hour.
This is perceived as a new form of social engineering that is likely to impact businesses; it is therefore important that appropriate training is put in place so that staff are aware of this new threat.
It has been announced by Google that they have evidence that sustained attacks on iPhones have been taking place during the past two years.
These attacks have been carried out using websites which implant malicious software in order to steal contacts, photos and other personal data.
The hackers were taking advantage of 12 separate security flaws to gain access to the iPhones, where there were bugs in the Apple web browser Safari. Apple have since provided a software fix to combat this.
It has been revealed that 400 dental offices in the US have been the subject of a significant ransomware attack where hackers have targeted a remote data back-up service provided by a third party provider.
Two Wisconsin based software companies provided a solution that delivered triple layer protection by backing up sensitive medical records to the cloud, an offline workstation and an in office hard disk drive.
Hackers managed to attack the infrastructure using the Sodinokibi ransomware virus. It is understood that a number of offices have been able to restore their records where encryption software has been deployed.
It is believed that 22 cities in Texas have been hit by a coordinated ransomware attack which is seen as one of the first of its type on this scale to affect municipalities.
The strain of ransomware has not been announced and neither have the actual cities involved in this attack. Incident response is in full swing, which is helping to mitigate the impact of this attack and to keep essential services running.
Pearson, the educational software provider, has announced that a data breach took place which involved 13,000 school and university accounts.
The details compromised consisted of first and last names, dates of birth and e-mail addresses. Pearson have not revealed how this occurred but it is understood that the incident went unnoticed for a number of months before it was discovered.
The City of Naples has been hit by a cyber attack involving a sophisticated phishing ploy by hackers.
It is understood that funds were paid over to a bogus bank account set up by the hacker pretending to be a representative of a construction firm. The amount of money involved has not yet been revealed.
The initial e-mail behind the phishing attack was flagged but after further examination it was considered not to be suspicious and the money was sent as instructed.
The South East Asian region of Sephora is understood to have been subject to a significant data breach.
The data breach happened where customers were using on-line services in countries that included Singapore, Malaysia, Australia and New Zealand.
Personal information is likely to have been exposed but it is unknown if financial details were revealed. Personal preferences for beauty products are also likely to have been revealed.
Capital One, the US commercial bank, has been hit by a significant data breach where it is believed more than 100 million customers in the US and 6 million in Canada have had their personal details compromised by a hacker.
The breach enabled the hacker to obtain access to credit scores and balances, and also the social security numbers of circa 140,000 customers.
An individual has been arrested by the FBI in connection with this incident.
Most of the data appears to have been that of consumers and small businesses who applied for credit cards between 2005 and 2019. The data included telephone numbers, e-mail addresses, dates of birth and income information.
City Power, a major electricity supplier in Johannesburg, South Africa, has been subject to a ransomware attack.
As a result of this attack their IT systems were shut down for a period of time but were eventually restored.
The ransomware attack began by affecting users’ ability to purchase pre-paid electricity and how the organisation dealt with localised blackouts.
It is not yet known whether the ransom was paid to the hackers or whether the ransomware code was unencrypted in order for services to be resumed.
This is turning out to be the month of “fines”, where regulators from the UK and US are showing their teeth.
Equifax have agreed to pay at least a $575M fine possibly increasing to $700M. This relates to the settlement of actions brought by 50 US states and territories, the Federal Trade Commission and the Consumer Financial Protection Bureau arising out of the 2017 data breach.
This exceeds the previously highest data breach fine of $148M suffered by Uber.
As well as being fined, Equifax will have to undertake improvements in their cyber security, the cost of which is likely to run into millions of dollars. The response to the incident demonstrated that Equifax were not as prepared as they should have been. It was evident that their response plan failed in certain areas, including the building of an insecure stand alone breach website which compounded the data breach.
It has been announced by the Bulgarian authorities that millions of records belonging to Bulgarian nationals have been stolen from the country’s tax agency in a massive cyber attack.
It is not yet known who is behind this attack as investigations are undertaken, but a 20-year-old suspect has been arrested in connection with the cyber attack.
The data compromised included names and addresses and personal income details, and covers almost the entire adult population of Bulgaria.
It is likely that the tax agency will now face a fine under GDPR should it be evidenced that appropriate cyber security measures were not in place to prevent this incident.
It has been revealed in the annual report by the National Cyber Security Centre (NCSC) that an attempt was carried out to defraud thousands of people using a bogus e-mail from a U.K. airport.
The NCSC has not shared the name of the airport where hackers tried to use a fake gov.uk address. The scam involved 200,000 e-mails to the public asking that they pay a fee in order that a larger refund could be received. The NCSC took the hackers’ e-mail off line to ensure that replies could be received.
A report released by the House of Lords following research by Imperial College London of Global Health Innovation has highlighted that the NHS computer systems do contain vulnerabilities that could compromise patients’ safety.
The report states that many of the NHS systems are outdated and require upgrading. This is a result of under investment and a deficit of the appropriate skills required to manage cyber security.
The vulnerabilities of the NHS were previously brought to light during the WannaCry attack in 2017, which was not a particularly sophisticated attack.
The report reveals that a significant attack could leave medical staff in the position of being unable to access patient data such as x-rays and blood results and therefore being unable to provide the required care. Furthermore, the report signalled that the new technologies being used, such as AI and robotics, needed to have the proper cyber security in place to prevent access by hackers.
A number of initiatives have been proposed which will be implemented together with a newly formed unit called NHSX that will oversee digital transformation.
Before the ink has dried the ICO issued a further fine against the US hotel group Marriott International in the amount of £99.20M. This related to a data breach that was discovered in 2018 where 339M guests had their data compromised.
The data breach included 30 million records belonging to Europeans and falls under the jurisdiction of the GDPR and the regulatory body in the UK, the ICO.
The actual data breach emanated from Starwood, which Marriott acquired three years prior to the data breach.
Marriott will also contest this fine, which was imposed as the ICO found that they had failed to properly review Starwood’s data practices and should have made a greater effort to secure their systems. The ICO stated that during the due diligence process of any acquisition it is important that consideration is given to any personal data that the acquired company may have, in terms of how this is currently being managed and how it will be post acquisition.
British Airways is facing a $230M fine from the ICO as a result of a data breach suffered by 500,000 customers last year.
The fine equates to £183.40M which is 1.50% of the British Airways worldwide turnover for 2017. The ICO, after carrying out their investigation, concluded that they had poor security procedures in place which caused the data breach. The ICO do have within their powers the ability to fine an organisation 4% of their worldwide turnover.
It is understood that British Airways do intend to appeal against this decision.
The ICO’s Information Commissioner Elizabeth Denham stated that “People’s personal data is just that – personal”. Furthermore, “When an organisation fails to protect it from loss, damage or theft it is more than an inconvenience. That’s why the law is clear – when you are entrusted with personal data you must look after it”.
British Airways are very disappointed by the decision and will be making representations to the ICO in the coming weeks.
It has been announced that the United States Cyber Command carried out online attacks against an Iranian intelligence group who were believed to have helped undertake the recent attacks against oil tankers. These attacks were allegedly planned a few weeks ago as a result of this conflict.
The cyber attack involved multiple computer systems being targeted which include those controlling Iranian missile launchers.
The Department of Homeland Security have recently stated that they have seen an upturn in cyber activity by Iran which could impact American industries and government agencies and could result in the loss of data or fraud.
The parent company of Eurofins Scientific Services have reported that they were subject to a ransomware attack at the beginning of this month which has now been advised to the ICO.
The organization is the UK’s largest private forensic entity, carrying out DNA testing, firearms testing and computer forensics. The police have as a result of this cyber-attack suspended work with Eurofins.
The extent of the attack is not yet clear but a full scale investigation is currently underway. Many of their IT systems were impacted not only in the UK but around the world.
The Riviera Beach Council in Florida have been hit by a ransomware attack as a result of a phishing attack when a member of the police force clicked on an e-mail link which distributed malware encrypting nearly every city computer network. This included the 911 emergency system, e-mail, on-line payments and payroll.
The council decided to pay the 65 bitcoin ransom equivalent to $600,000. It has been revealed that the attack took place at the end of May and since then the council have paid $914,000 on new computers to replace those affected by the cyberattack.
This follows another recent ransomware attack on a US city council, where Baltimore was subject to a similar incident; however, the ransom was not paid on this occasion.
One of the largest suppliers of airplane parts, ASCO, has been subject to a ransomware attack that has halted production in a number of countries.
This was first discovered in its Zaventem plant in Belgium where the IT systems were crippled. This resulted in 1000 of its 1400 employees being sent home across four countries; initially this was planned for a few days but is now going to be for a full week.
ASCO provide parts for Airbus, Boeing, Bombardier and Lockheed Martin across airline and transportation sectors.
Information concerning the ransomware attack has been limited, as to whether the ransom has been paid and how the incident has been managed within the business.
The Spanish football league La Liga has been fined approximately £222,000 under the GDPR by the Spanish regulatory body AEPD.
The Spanish league’s official Android and iOS mobile app would, once downloaded and given permission, access the microphone to check the location of the user, such as in a bar or pub. If it appeared that the user was in such a venue, the software would check whether the venue had the appropriate commercial subscription in place.
AEPD stated that La Liga did not inform users about this monitoring practice and should have sought permission, and that they were collecting the personal data of users. Whilst the app did have in place a process where permission was required to access the microphone, users were unaware of what data may have subsequently been utilized. This is insufficient and in contravention of GDPR. It is understood that La Liga will appeal this decision.
A MiniDisc archive owned by the frontman Thom Yorke of Radiohead has been hacked whereby a $150,000 ransom demand was made for the recordings to be returned.
The band have subsequently made the recordings available with the proceeds to go to climate activists Extinction Rebellion. Fans were offered these files as a number of tracks were of historical interest and would have been a welcome addition to many Radiohead fans’ record collections.
It has been revealed that photos of travelers and licence plate images have been compromised as a result of one of the sub-contractors of US Customs and Border Protection being subject to a cyber-attack.
The incident has affected about 100,000 individuals, with information obtained when photographs were taken of travelers whilst entering and exiting the US at a border point over a period of one and a half months.
The matter was discovered when the sub-contractor transferred photographs of licence plates and travelers’ images to its own network without the agency’s prior knowledge.
This highlights the importance of there being robust cyber security in place for an organization’s supply chain.
Leicester City Football Club’s website has been compromised which has resulted in customers having their financial details stolen.
Hackers have apparently taken details that include credit card numbers and CVVs. It is suspected that Magento malware was utilised in the attack and that this originated from a third party website used by the football club.
It has not been disclosed how many customers were affected by this attack; a number of incidents have been reported where fraudulent transactions have subsequently been made.
BBC Watchdog has discovered that the personal information of many TalkTalk customers who were subject to the 2015 cyberattack is available online via a simple internet search.
The data that is available online includes email addresses, dates of birth and mobile phone numbers. It was also ascertained by the ICO that many of these customers had not been notified that their details had been stolen in the original data breach.
Suspected hackers believed to be responsible for the GozNym malware attacks on a number of US and Canadian banks have been charged by US prosecutors.
It is understood that they tried to steal $100M in April 2016 where infected electronic invoices were distributed to customers around the world.
Many Russian government officials have had their passport data posted on-line. It has been revealed that up to eight government websites have been compromised where data has been exposed.
A number of officials are understood to be high profile individuals with a total of approximately 300,000 leaked entries being at risk.
It has been announced that a zero-day vulnerability has been located on WhatsApp which has permitted hackers to listen in to users’ groups.
Spyware was installed which allowed users’ chats to be exposed when microphones and cameras were accessed.
Facebook, who own WhatsApp, have now patched the software and have asked all users to update the app.
The city of Baltimore in the US has been hit by a ransomware attack that has resulted in a shut down of many of its computer servers, which has been implemented to safeguard against further damage.
The ransomware virus, which has yet to be identified, has attacked critical public systems that include the fire department and emergency medical services, paralysing the city.
This is not the first time that the city has been hit; a similar ransomware attack was carried out last March which restricted 911 calls.
Austrian construction firm Porr have suffered a cyber-attack on its communication infrastructure where its telephone lines and e-mails were severely disrupted.
It is believed that this was caused by a virus and an investigation is underway in order to determine how this managed to get through the firewalls of the organisation.
It is understood that the German based IT services provider CityComp has been subject to a cyber attack which appears to have compromised clients’ data.
The attack was ransomware based, demanding a ransom of $5,000 and threatening to release this data. The financial information of clients such as Ericsson, Toshiba and BT is believed to be at risk.
The hacker seems to have had access to CityComp’s systems for over a month before they were discovered. The hacker has since published the data on the Dark Web, which includes names and e-mail addresses, meeting notes with clients and details of confidential projects.
It is understood that a number of employee accounts of Wipro have been hacked as a result of a phishing attack. Despite this the Company Secretary has reassured investors that no critical business operations have been impacted.
Wipro, an IT services provider, appear to have been subject to a systematic cyber attack over a period of months which was a zero day attack. The intrusion was discovered when a forensic investigation was undertaken on their computer network.
A recent test of the cyber defence capabilities of U.K. universities has revealed that hackers are able to gain access to their computers within two hours which would put confidential data at risk.
The tests were able to access personal data, finance systems and research networks. Penetration tests were carried out on over 50 universities. The attacks were carried out by ethical hackers working for Jisc (formerly the Joint Information Systems Committee) and the Higher Education Policy Institute, which demonstrated 100% success in breaching the cyber defences that were in place.
Universities have been targeted in recent years with over 1000 attacks taking place in the last year alone.
It is believed that Iran have been responsible for cyber attacks undertaken against the Post Office and a number of local government networks.
The attacks occurred just before Christmas with in excess of 10,000 records being taken which included e-mail addresses, postal addresses and phone numbers. Other entities were affected, varying from private businesses to banks. It is possible that the Revolutionary Guard group of Iran were behind these attacks.
Toyota have suffered a data breach where hackers gained access to their IT systems and sales information of over 3 million customers.
It is understood that Toyota have undergone an audit of their systems in order that they can analyse where improvements can be made to help avoid a reoccurrence of a further data breach.
ASUS, one of the world’s largest computer makers, has unknowingly installed a malicious backdoor on many of its customers’ computers.
This occurred last year when hackers compromised a server being used for their live software update tool. It is understood that the malicious file did have a legitimate certificate which made it appear to be an authentic software update.
It is believed that half a million users of Windows received the malicious code through the ASUS update server.
This is a good example of a supply chain cyber attack which is a growing concern to businesses.
The Police Federation of England and Wales (PFEW), the trade union for police workers, has been subject to a ransomware attack. It is believed that the attack was not aimed specifically at the organisation but was more of an opportunist attack.
The HQ in Surrey where the attack was discovered believe that no data has been compromised. The PFEW are however notifying the 120,000 individuals. The ICO have also been informed of this incident.
Norsk Hydro, who are one of the biggest aluminium producers in the world, have been hit by a ransomware attack that began in the US. It is understood that as a result of this attack a number of metal extrusion and rolled plants were shut down.
The virus that caused this is known as LockerGoga, which is a new strain of ransomware that encrypts the files of computers, subsequently locking them and making a demand for a monetary ransom.
The company intends to restore the systems from their backup and it would appear that the ransom would not need to be paid.
The cyber attack has impacted on the share price of the company which initially fell when this was revealed.
Kathmandu, the outdoor clothing retailer, has been subject to a breach of its on-line shopping portal where customers’ personal data may have been compromised.
It is not known how the cyber attack occurred but an investigation is underway in order to ascertain how this took place.
Iran have been behind a series of cyber attacks over the past couple of years which have centred around the Middle East and the US affecting in excess of 200 companies.
Microsoft announced this news earlier this week, with hackers stealing corporate information and wiping data from computers. No particular sector was targeted, with a wide spectrum of businesses being impacted. The group behind these is thought to be Holmium, which is an established hacking group.
It has been revealed that hackers from China have been targeting universities in the US in order to steal military information. Universities known to have been targeted have been Massachusetts and Washington.
The focus of the hackers was believed to be maritime technology being used for the military. Access was obtained by phishing attacks where the networks were compromised.
The hacking group behind these attacks is thought to be Mudcarp, Leviathan, APT40 or Temp Periscope.
North Korean hackers are believed to be targeting critical infrastructure in the US. McAfee have released a report recently which states that almost 80 US businesses have been targeted relating to telecoms, energy and defence.
Interestingly this appears to have occurred during President Trump’s summit with Kim Jong Un. The US have apparently been aware of this activity.
Banks have also been targeted, which is believed to be in order to acquire funds due to the sanctions currently imposed on the country.
The Bank of Valletta in Malta has been hit by a major cyber attack which resulted in the bank being shut down. It is understood that cash machines, mobile banking and e-mail services were impacted by the attack.
Hackers tried to steal 13 million euros from the bank via transfers to other banks around the world. Despite this no customers have had their bank accounts compromised.
A number of local businesses who relied on the processing of bank card payments were affected by the cyber attack.
The bank is working to get their systems back up and running as soon as possible.
Hackers have gained access to the Australian Parliament’s computer network; however, it does not appear that data has been stolen.
All users have been asked to change their passwords and an investigation is underway.
It is believed that a state actor may be behind the attack, with China one of the potential countries as they have been attempting to influence Australian politics for some time. With elections due to take place shortly, Russia could also be considered as the country behind the attack in view of the rumours that circulated during the last American presidential elections.
Metro Bank has fallen victim to a cyber attack that we have not readily seen before.
It is understood that hackers tracked mobile phones remotely and intercepted SMS text messages used as 2-Factor Authentication in real time. They were then used to log into the users’ bank accounts and insert new sessions, thus being able to steal data and track the individuals’ movements.
The flaw was exploited in SS7, which is a protocol used by telecoms in order to coordinate how they route calls and SMS messages.
Metro Bank have stated that only a small number of customers have been affected by this new form of cyber attack.
Airbus have disclosed that they suffered a security breach which resulted in unauthorised access to data.
As a result, personal data was accessed, mostly professional contact and IT identification details of their employees.
An investigation is underway so that the cause of the breach can be determined.
Airbus announced that there was no impact to its commercial operations. The ICO have been notified in accordance with the GDPR regulations.
France’s data protection regulator, the CNIL, has fined Google €50 million for non-compliance with GDPR regulations, by far the largest fine issued under these new regulations.
The company did not provide enough information to its users about its data consent policies and did not give sufficient control about how the information was utilised.
It is understood that Google will make an appeal against this fine.
A fake BBC News webpage has been set up by hackers aimed to convince users to part with money.
The page shows a bitcoin themed documentary previously broadcast by Panorama last year, including links on the page directing visitors to a site promising to make them millionaires. It is understood that the fake page is spread via e-mails sent from hacked accounts.
The City of London Police’s cybercrime team has warned consumers to be aware of such scams.
An Israeli network researcher, Noam Rotem, has revealed that travelers around the world were found to be susceptible to a security vulnerability on an on-line flight ticket booking system. This allows hackers to access and amend travelers’ flight details and to access their frequent flyer miles.
The on-line booking system is Amadeus, which is utilised by 141 airlines around the world today including a number of major airlines. It is however understood that Amadeus has now fixed the issue, with additional security measures being implemented.
Customer credit card and personal data has been stolen from individuals who bought Lenovo laptops or Motorola mobile phones as hackers published details on-line.
This is as a result of the company being hacked on New Year’s Eve; the attack was claimed by the New World Hackers. The reason behind the attack was to test the organisation’s cyber resilience.
The ICO are monitoring the situation and if a data breach has taken place formal notification will need to be made.
7th January 2019
Personal data from hundreds of German politicians and public figures has been accessed and released on-line.
The information disclosed included private e-mails, telephone numbers and holiday photos of MPs and celebrities, which found their way onto Twitter.
The data has been released over regular intervals since December but this was however only discovered recently.
It is not known who carried out the attack but Russia is suspected to be the source.
4th January 2019
It has been revealed that the website for Dublin’s tram system has been subject to a ransomware attack where hackers demanded a ransom of one bitcoin.
The Luas website was taken down by the IT company who services it so that they could try and resolve the cyber attack.
Hackers have threatened to release data relating to the 9/11 attack on the World Trade Centre. These are confidential litigation documents concerning a number of high profile insurers.
The hacking group known as the Dark Overlord have documents which they have intimated that they will release on the “KickAss” dark web if their ransom demands are not met.
It is understood that 18,000 documents were stolen from a firm of US lawyers involving the insurer Hiscox. Hiscox have informed the policyholders of the incident.