Cyber Newsround 2019

Cyber Newsround will no doubt be as busy as it was last year with the cyber threat landscape ever evolving and presenting new and daunting challenges to individuals and businesses.

October

29th October 

Russian hackers have targeted sporting and anti-doping organisations around the world as a reaction to fresh doping allegations against Russia.

Microsoft have identified the attacks as possibly coming from a group called Strontium, also known as Fancy Bear/APT28. These attacks are believed to have started in September, with 16 authorities targeted.

The attacks took the form of spear phishing, password spraying and the exploitation of internet-connected devices, using open source and custom malware. It is understood, however, that most of the attacks were unsuccessful.

28th October

UniCredit, one of Italy’s largest banks, has revealed that 3 million personal records of clients have been compromised. This is not the first data breach suffered by the bank; it is now the third cyber security incident, despite investment in improving its systems.

It is understood that the breach related to a file containing e-mail and telephone numbers of clients but no actual bank details.

5th October

The Spanish city of Jerez de la Frontera has been hit by a ransomware attack demanding a bitcoin payment so that the city’s systems controlling its website could be released.

The amount of the bitcoin ransom has not been revealed. It is understood that the ministry of Spain has employed three computer experts in order to investigate and try and regain control.

The website will only be restored once it has been cleared as completely safe to access.

September

26th September

It has been announced that Airbus has been subject to a number of cyber attacks in which its systems have been compromised via its supply chain.

The company has suffered four large scale cyber attacks all through different suppliers which are believed to include Rolls Royce and Expleo. 

Hackers gained access via the VPN systems in an effort to access technical information on how Airbus components are certified and certain military details. It is believed that the Chinese might have been behind this attack.

Access via third party suppliers is increasing and it is important that cyber risk assessments are carried out on suppliers.

23rd September

The individual behind the Football Leaks website, Rui Pinto, is facing charges over alleged hacking activities whereby sensitive financial information of European football clubs has been accessed.

The information published also included details about players’ and coaches’ contracts together with information on transfer fees.

The trial date has not been set; the trial will take place in Portugal after Rui Pinto was extradited from Hungary.

9th September

Wikipedia went offline for a period of time as a result of a large DDoS attack that targeted a number of countries including the UK.

The hackers managed to take down the website, with intermittent outages over a two-day period.

The Wikipedia engineering team have identified the issue and are working to rectify the situation.

August

31st August

Artificial Intelligence impersonating the voice of a chief executive has defrauded the CEO of a UK based energy company of £200,000.

It took place over a telephone call in which the caller, posing as the chief executive, requested that payment be made urgently to a Hungarian supplier within the hour.

This is perceived as a new form of social engineering that is likely to impact on businesses. It is therefore important that appropriate training is put in place so that staff are aware of this new threat.

30th August

It has been announced by Google that they have evidence that sustained attacks have been taking place against iPhones during the past two years.

These attacks have been carried out using websites which implant malicious software in order to steal contacts, photos and other personal data.

The hackers were taking advantage of 12 separate security flaws to gain access to the iPhones, where there were bugs in Apple’s web browser, Safari. Apple have since provided a software fix to combat this.

26th August

It has been revealed that 400 dental offices in the US have been the subject of a significant ransomware attack in which hackers targeted a remote data back-up service provided by a third party provider.

Two Wisconsin-based software companies provided a solution that delivered triple layer protection by backing up sensitive medical records to the cloud, an offline workstation and an in-office hard disk drive.

Hackers managed to attack the infrastructure using the Sodinokibi ransomware virus. It is understood that a number of offices have been able to restore their records where encryption software has been deployed.

20th August 

It is believed that 22 cities in Texas have been hit by a coordinated ransomware attack which is seen as one of the first of its type on this scale to affect municipalities.

The strain of ransomware has not been announced and neither have the actual cities involved in this attack. Incident response is in full swing, which is helping to mitigate the impact of this attack and to keep essential services running.

5th August

Pearson, the educational software provider, has announced that a data breach took place which involved 13,000 school and university accounts.

The details compromised consisted of first and last names, dates of birth and e-mail addresses. Pearson have not revealed how this occurred but it is understood that the incident went unnoticed for a number of months before it was discovered.

2nd August

The City of Naples has been hit by a cyber attack involving a sophisticated phishing ploy by hackers.

It is understood that funds were paid over to a bogus bank account set up by the hacker pretending to be a representative of a construction firm. The amount of money involved has not yet been revealed.

The initial e-mail behind the phishing attack was flagged but after further examination it was considered not to be suspicious and the money was sent as instructed.

July

30th July

The South East Asian region of Sephora is understood to have been subject to a significant data breach.

The data breach affected customers using on-line services in countries that included Singapore, Malaysia, Australia and New Zealand.

Personal information is likely to have been exposed but it is unknown if financial details were revealed. Personal preferences for beauty products are also likely to have been revealed.

30th July

Capital One, the US commercial bank, has been hit by a significant data breach where it is believed more than 100 million customers in the US and 6 million in Canada have had their personal details compromised by a hacker.

The breach enabled the hacker to obtain access to credit scores and balances, as well as the social security numbers of circa 140,000 customers.

An individual has been arrested by the FBI in connection with this incident.

Most of the data appears to have been that of consumers and small businesses who applied for credit cards between 2005 and 2019. The data included telephone numbers, e-mail addresses, dates of birth and income information.

29th July

City Power, a major electricity supplier in Johannesburg, South Africa, has been subject to a ransomware attack.

As a result of this attack their IT systems were shut down for a period of time but were eventually restored.

The ransomware attack began by affecting users’ ability to purchase pre-paid electricity and how the organisation dealt with localised blackouts.

It is not yet known whether the ransom was paid to the hackers or whether the ransomware code was decrypted in order for services to be resumed.

22nd July

This is turning out to be the month of “fines”, with regulators from the UK and US showing their teeth.

Equifax have agreed to pay at least a $575M fine, possibly increasing to $700M. This relates to the settlement of actions brought by 50 US states and territories, the Federal Trade Commission and the Consumer Financial Protection Bureau arising out of the 2017 data breach.

This exceeds the previously highest data breach fine of $148M suffered by Uber.

As well as being fined, Equifax will have to undertake improvements in their cyber security, which are likely to run into millions of dollars. The response to the incident demonstrated that Equifax were not as prepared as they should have been. It was evident that their response plan failed in certain areas, including the building of an insecure stand-alone breach website which compounded the data breach.

17th July

It has been announced by the Bulgarian authorities that millions of records belonging to Bulgarian nationals have been stolen from the country’s tax agency in a massive cyber attack.

It is not yet known who is behind this attack as investigations are undertaken, but a 20-year-old suspect has been arrested in connection with the cyber attack.

The data compromised comprised names and addresses and personal income details, and covers almost the entire adult population of Bulgaria.

It is likely that the tax agency will now face a fine under GDPR should it be evidenced that appropriate cyber security measures were not in place to prevent this incident.

16th July

It has been revealed in the annual report by the National Cyber Security Centre (NCSC) that an attempt was carried out to defraud thousands of people using a bogus e-mail from a U.K. airport.

The NCSC has not shared the name of the airport where hackers tried to use a fake gov.uk address. The scam involved 200,000 e-mails to the public asking that they pay a fee in order that a larger refund could be received. The NCSC took the hackers’ e-mail offline to ensure that replies could be received.

11th July

A report released by the House of Lords following research by Imperial College London’s Institute of Global Health Innovation has highlighted that the NHS computer systems do contain vulnerabilities that could compromise patient safety.

The report states that many of the NHS systems are outdated and require upgrading. This is a result of under investment and a deficit of the appropriate skills required to manage cyber security.

The vulnerabilities of the NHS were previously brought to light during the WannaCry attack in 2017, which was not a particularly sophisticated attack.

The report reveals that a significant attack could leave medical staff in the position of being unable to access patient data such as x-rays and blood results and therefore being unable to provide the required care. Furthermore, the report signalled that the new technology being used, such as AI and robotics, needed to have the proper cyber security in place to prevent access by hackers.

A number of initiatives have been proposed which will be implemented together with a newly formed unit called NHSX that will oversee digital transformation.

9th July 

Before the ink has dried, the ICO issued a further fine against the US hotel group Marriott International in the amount of £99.20M. This related to a data breach that was discovered in 2018 where 339M guests had their data compromised.

The data breach included 30 million records belonging to Europeans and falls under the jurisdiction of the GDPR and the regulatory body in the UK, the ICO.

The actual data breach emanated from Starwood who Marriott acquired three years prior to the data breach.

Marriott will also contest this fine, which was imposed as the ICO found that they had failed to properly review Starwood’s data practices and should have made a greater effort to secure their systems. The ICO stated that during the due diligence process of any acquisition it is important that consideration is given to any personal data that the acquired company may have, in terms of how this is currently being managed and how it will be managed post acquisition.

9th July

British Airways is facing a $230M fine from the ICO as a result of a data breach suffered by 500,000 customers last year.

The fine equates to £183.40M, which is 1.50% of British Airways’ worldwide turnover for 2017. The ICO, after carrying out their investigation, concluded that they had poor security procedures in place, which caused the data breach. The ICO do have it within their powers to fine an organisation 4% of their worldwide turnover.

It is understood that British Airways do intend to appeal against this decision.

The ICO’s Information Commissioner Elizabeth Denham stated that “People’s personal data is just that – personal”. Furthermore, “When an organisation fails to protect it from loss, damage or theft it is more than an inconvenience. That’s why the law is clear – when you are entrusted with personal data you must look after it”.

British Airways are very disappointed by the decision and will be making representations to the ICO in the coming weeks.

June

24th June 

It has been announced that the United States Cyber Command carried out online attacks against an Iranian intelligence group who were believed to have helped undertake the recent attacks against oil tankers. These attacks were allegedly planned a few weeks ago as a result of this conflict.

The cyber attack involved multiple computer systems being targeted which include those controlling Iranian missile launchers.

The Department of Homeland Security have recently stated that they have seen an upturn in cyber activity by Iran which could impact American industries and government agencies and could result in the loss of data or fraud.

21st June

The parent company of Eurofins Scientific Services have reported that they were subject to a ransomware attack at the beginning of this month, which has now been reported to the ICO.

The organization is the UK’s largest private forensic entity, carrying out DNA testing, firearms testing and computer forensics. The police have as a result of this cyber-attack suspended work with Eurofins.

The extent of the attack is not yet clear but a full scale investigation is currently underway. Many of their IT systems were impacted, not only in the UK but around the world.

20th June

The Riviera Beach Council in Florida have been hit by a ransomware attack as a result of a phishing attack, when a member of the police force clicked on an e-mail link which distributed malware, encrypting nearly every city computer network. This included the 911 emergency system, e-mail, on-line payments and payroll.

The council decided to pay the 65 bitcoin ransom, equivalent to $600,000. It has been revealed that the attack took place at the end of May and since then the council have paid $914,000 for new computers to replace those affected by the cyberattack.

This follows another recent ransomware attack on a US city council, where Baltimore was subject to a similar incident; however, the ransom was not paid on that occasion.

12th June 

One of the largest suppliers of airplane parts, ASCO, has been subject to a ransomware attack that has halted production in a number of countries.

This was first discovered in its Zaventem plant in Belgium, where the IT systems were crippled. This resulted in 1000 of its 1400 employees being sent home across four countries; initially this was planned for a few days but is now going to be for a full week.

ASCO provide parts for Airbus, Boeing, Bombardier and Lockheed Martin across airline and transportation sectors.

Information concerning the ransomware attack has been limited, as to whether the ransom has been paid and how the incident has been managed within the business.  

12th June 

The Spanish football league La Liga has been fined approximately £222,000 under the GDPR by the Spanish regulatory body AEPD.

The Spanish league’s official Android and iOS mobile app would, once downloaded and given permission, access the microphone and check the location of the user to see whether they were in a venue such as a bar or pub. If it appeared that the user was in such a venue, the software would check whether that venue had the appropriate commercial subscription in place.

AEPD stated that La Liga did not inform users about this monitoring practice, should have sought permission, and were collecting the personal data of users. Whilst the app did have in place a process where permission was required to access the microphone, users were unaware of what data may have subsequently been utilized. This is insufficient and in contravention of GDPR. It is understood that La Liga will appeal this decision.

11th June

A MiniDisc archive owned by Thom Yorke, the frontman of Radiohead, has been hacked, with a $150,000 ransom demand made for the recordings to be returned.

The band have subsequently made the recordings available with the proceeds to go to climate activists Extinction Rebellion. Fans were offered these files as a number of tracks were of historical interest and would have been a welcome addition to many Radiohead fans’ record collections.

11th June 

It has been revealed that photos of travelers and licence plate images have been compromised as a result of one of the sub-contractors of US Customs and Border Protection being subject to a cyber-attack.

The incident has affected about 100,000 individuals, with the information obtained when photographs were taken of travelers entering and exiting the US at a border point over a period of one and a half months.

The matter was discovered when the sub-contractor transferred photographs of licence plates and travelers’ images to its own network without the agency’s prior knowledge.

This highlights the importance of there being robust cyber security in place for an organization’s supply chain.

May

31st May

Leicester City Football Club’s website has been compromised, which has resulted in customers having their financial details stolen.

Hackers have apparently taken details that include credit card numbers and CVVs. It is suspected that Magento malware was utilised in the attack and that this originated from a third party website used by the football club.

It has not been disclosed how many customers were affected by this attack. A number of incidents have been reported where fraudulent transactions have subsequently been made.

22nd May

BBC Watchdog has discovered that the personal information of many TalkTalk customers who were subject to the 2015 cyberattack is available online via a simple internet search.

The data that is available online includes email addresses, dates of birth and mobile phone numbers. It was also ascertained by the ICO that many of these customers had not been notified that their details had been stolen in the original data breach.

20th May

Suspected hackers believed to be responsible for the GozNym malware attacks on a number of US and Canadian banks have been charged by US prosecutors.

It is understood that they tried to steal $100M in April 2016 where infected electronic invoices were distributed to customers around the world.

15th May

Many Russian government officials have had their passport data posted on-line. It has been revealed that up to eight government websites have been compromised where data has been exposed.

A number of officials are understood to be high profile individuals with a total of approximately 300,000 leaked entries being at risk.

14th May

It has been announced that a zero-day vulnerability has been located on WhatsApp which has permitted hackers to listen in to users’ groups.

Spyware was installed which allowed users’ chats to be exposed when microphones and cameras were accessed.

Facebook, who own WhatsApp, have now patched the software and have asked all users to update the app.

8th May

The city of Baltimore in the US has been hit by a ransomware attack that has resulted in a shutdown of many of its computer servers, implemented to safeguard against further damage.

The ransomware virus, which has yet to be identified, has attacked critical public systems including the fire department and emergency medical services, paralysing the city.

This is not the first time that the city has been hit; a similar ransomware attack was carried out last March which restricted 911 calls.

2nd May

Austrian construction firm Porr have suffered a cyberattack on its communication infrastructure where its telephone lines and e-mails were severely disrupted.

It is believed that this was caused by a virus and an investigation is underway in order to determine how this managed to get through the firewalls of the organisation. 

1st May 

It is understood that the German-based IT services provider CityComp has been subject to a cyber attack which appears to have compromised clients’ data.

The attack was ransomware based, with a ransom demand of $5,000 and a threat to release this data. The financial information of clients such as Ericsson, Toshiba and BT is believed to be at risk.

The hacker seems to have had access to CityComp’s systems for over a month before they were discovered. The hacker has since published the data on the Dark Web, which includes names and e-mail addresses, meeting notes with clients and details of confidential projects.

April

20th April

It is understood that a number of employee accounts of Wipro have been hacked as a result of a phishing attack. Despite this the Company Secretary has reassured investors that no critical business operations have been impacted.

Wipro, an IT services provider, appear to have been subject to a systematic cyber attack over a period of months which was a zero day attack. The intrusion was discovered when a forensic investigation was undertaken on their computer network.

3rd April

A recent test of the cyber defence capabilities of U.K. universities has revealed that hackers are able to gain access to their computers within two hours which would put confidential data at risk.

The tests were able to access personal data, finance systems and research networks. Penetration tests were carried out on over 50 universities. The attacks were carried out by ethical hackers working for Jisc (formerly the Joint Information Systems Committee) and the Higher Education Policy Institute, which demonstrated 100% success in breaching the cyber defences that were in place.

Universities have been targeted in recent years with over 1000 attacks taking place in the last year alone.

3rd April

It is believed that Iran have been responsible for cyber attacks undertaken against the Post Office and a number of local government networks.

The attacks occurred just before Christmas with in excess of 10,000 records being taken, which included e-mail addresses, postal addresses and phone numbers. Other entities were affected, varying from private businesses to banks. It is possible that the Revolutionary Guard group of Iran was behind these attacks.

1st April

Toyota have suffered a data breach where hackers gained access to their IT systems and sales information of over 3 million customers.

It is understood that Toyota have undergone an audit of their systems in order that they can analyse where improvements can be made to help avoid a further data breach.

March

28th March

ASUS, one of the world’s largest computer makers, has unknowingly installed a malicious backdoor on many of its customers’ computers.

This occurred last year when hackers compromised a server being used for their live software update tool. It is understood that the malicious file did have a legitimate certificate which made it appear to be an authentic software update.

It is believed that half a million users of Windows received the malicious code through the ASUS update server.

This is a good example of a supply chain cyber attack which is a growing concern to businesses.

21st March

The Police Federation of England and Wales (PFEW), the trade union for police workers, has been subject to a ransomware attack. It is believed that the attack was not aimed specifically at the organisation but was more of an opportunist attack.

The HQ in Surrey where the attack was discovered believe that no data has been compromised. The PFEW are however notifying the 120,000 individuals. The ICO have also been informed of this incident.

19th March

Norsk Hydro, who are one of the biggest aluminium producers in the world, have been hit by a ransomware attack that began in the US. It is understood that as a result of this attack a number of metal extrusion and rolled products plants were shut down.

The virus that caused this is known as LockerGoga, which is a new strain of ransomware that encrypts the files of computers, subsequently locking them and making a demand for a monetary ransom.

The company intends to restore the systems from their backup and it would appear that the ransom would not need to be paid.

The cyber attack has impacted on the share price of the company which initially fell when this was revealed.

13th March

Kathmandu, the outdoor clothing retailer, has been subject to a breach of its on-line shopping portal where customers’ personal data may have been compromised.

It is not known how the cyber attack occurred but an investigation is underway in order to ascertain how this took place.

6th March

Iran have been behind a series of cyber attacks over the past couple of years which have centred around the Middle East and the US affecting in excess of 200 companies.

Microsoft announced this news earlier this week, with hackers stealing corporate information and wiping data from computers. No particular sector was targeted, with a wide spectrum of businesses being impacted. The group behind these attacks is thought to be Holmium, which is an established hacking group.

6th March

It has been revealed that hackers from China have been targeting universities in the US in order to steal military information. Universities known to have been targeted have been Massachusetts and Washington.

The focus of the hackers was believed to be maritime technology being used for the military. Access was obtained by phishing attacks where the networks were compromised.

The hacking group behind these attacks is thought to be Mudcarp, Leviathan, APT40 or Temp Periscope.

5th March

North Korean hackers are believed to be targeting critical infrastructure in the US. McAfee have released a report recently which states that almost 80 US businesses have been targeted, relating to telecoms, energy and defence.

Interestingly, this appears to have occurred during President Trump’s summit with Kim Jong Un. The US have apparently been aware of this activity.

Banks have also been targeted, which is believed to be to acquire funds due to the sanctions currently imposed on the country.

February

13th February

The Bank of Valletta in Malta has been hit by a major cyber attack which resulted in the bank being shut down. It is understood that cash machines, mobile banking and e-mail services were impacted by the attack.

Hackers tried to steal 13 million euros from the bank via transfers to other banks around the world. Despite this no customers have had their bank accounts compromised.

A number of local businesses who relied on the processing of bank card payments were affected by the cyber attack.

The bank is working to get their systems back up and running as soon as possible.

9th February

Hackers have gained access to the Australian Parliament’s computer network; however, it does not appear that data has been stolen.

All users have been asked to change their passwords and an investigation is underway.

It is believed that a state actor may be behind the attack, with China one of the potential countries as they have been attempting to influence Australian politics for some time. With elections due to take place shortly, Russia could also be considered as the country behind the attack in view of the rumours that circulated during the last American presidential elections.

1st February

Metro Bank has fallen victim to a cyber attack that we have not readily seen before.

It is understood that hackers tracked mobile phones remotely and intercepted SMS text messages used as 2-Factor Authentication in real time. These were then used to log into the users’ bank accounts and insert new sessions, thus being able to steal data and track the individuals’ movements.

The flaw exploited was in SS7, which is a protocol used by telecoms in order to coordinate how they route calls and SMS messages.

Metro Bank have stated that only a small number of customers have been affected by this new form of cyber attack.

January

30th January

Airbus have disclosed that they suffered a security breach which resulted in unauthorised access to data.

As a result of this, personal data was accessed, being mostly professional contact and IT identification details of their employees.

An investigation is underway so that the cause of the breach can be determined.

Airbus announced that there was no impact to its commercial operations. The ICO have been notified in accordance with the GDPR regulations.

21st January

France’s data protection regulator, the CNIL, has fined Google €50 million for non-compliance with GDPR regulations, which is by far the largest fine issued under these new regulations.

The company did not provide enough information to its users about its data consent policies and did not give sufficient control over how the information was utilised.

It is understood that Google will make an appeal against this fine.

17th January

A fake BBC News webpage has been set up by hackers aimed to convince users to part with money.

The page shows a bitcoin themed documentary previously broadcast by Panorama last year, including links on the page directing visitors to a site promising to make them millionaires. It is understood that the fake page is spread via e-mails sent from hacked accounts.

The City of London Police’s cybercrime team has warned consumers to be aware of such scams.

16th January

An Israeli network researcher, Noam Rotem, has revealed that travelers around the world were found to be susceptible to a security vulnerability on an on-line flight ticket booking system. The vulnerability allows hackers to access and amend travelers’ flight details and to access their frequent flyer miles.

The on-line booking system is Amadeus, which is utilised by 141 airlines around the world today, including a number of major airlines. It is, however, understood that Amadeus has now fixed the issue, with additional security measures being implemented.

8th January

Customer credit card and personal data has been stolen from individuals who bought Lenovo laptops or Motorola mobile phones as hackers published details on-line.

This is as a result of the company being hacked on New Year’s Eve; the attack was claimed by the New World Hackers. The reason behind the attack was to test the organisation’s cyber resilience.

The ICO are monitoring the situation and if a data breach has taken place formal notification will need to be made.

7th January 2019

Personal data from hundreds of German politicians and public figures has been accessed and released on-line.

The information disclosed included private e-mails, telephone numbers and holiday photos of MPs and celebrities, which found their way onto Twitter.

The data has been released at regular intervals since December but this was only discovered recently.

It is not known who carried out the attack but Russia is suspected to be the source.

4th January 2019

It has been revealed that the website for Dublin’s tram system has been subject to a ransomware attack where hackers demanded a ransom of one bitcoin.

The Luas website was taken down by the IT company who services it so that they could try and resolve the cyber attack.

2nd January

Hackers have threatened to release data relating to the 9/11 attack on the World Trade Centre. These are confidential litigation documents concerning a number of high profile insurers.

The hacking group known as the Dark Overlord have documents which they have intimated that they will release on the “KickAss” dark web if their ransom demands are not met.

It is understood that 18,000 documents were stolen from a firm of US lawyers involving the insurer Hiscox. Hiscox have informed the policyholders of the incident.
