Cyber Newsround 2020

Cyber risks are developing all the time and with this comes new threats to individuals and to organisations , the cyber threat landscape will evolve again in 2020.

March

31st March

Marriot International Hotels have revealed that they have had another significant data breach which may have impacted up to 5.2 million guests.

Its seems that the log – in details of two employees were used to access guest information. The information that may have been compromised would have been names and addresses , e-mail addresses and loyalty account information. It does not appear that payment card information was compromised.

The hotel has informed its customers and have offered data monitoring services for a year.

30th March

Chubb Insurance have been subject to ransomware attack with the Maze ransomware group claiming responsibility.

The group claim that they have encrypted the insurers computer systems  and will disseminate the data that they have taken if the ransom is not paid.

Chubb have advised that they have no evidence of a data breach and are currently investigating the incident.

19th March

Brno University Hospital in the Czech Republic has been hit by a cyber attack with the hospital having to shutdown its computer systems.

This hospital is one of the largest COVID-19 testing sites and curtailed important research being carried out with patients having to be moved.

There are limited details available of the attack but it is recovering and should be fully operational again shortly.

4th March

Members of the Boots Advantage loyalty scheme have been unable to use the points system to purchase goods due to hackers attempting to  real into their accounts.

Boots are dealing with this situation and have closed down the website but their own system has been unaffected.

This impacted only 1% of the 14.4 million active users which is about 150,000 people. It is understood that no credit card details have been compromised.

The attack is known as “password stuffing” where hackers use stolen passwords in an effort to access accounts on the premise that individuals do on occasions use the same password on a number of accounts.

February

28th February

Decathlon the sporting outlet have suffered a significant data breach which compromised 123 million users and employees.

It is believed that the data was caused as a result an unsecured ElasticSearch server that was discovered on February 12th. The data is understood to be mostly of employees rather than customers. The data  includes user names passwords and e-mail addresses.

24th February

Maastricht University in the Netherlands has been the subject of a ransomware attack. The university paid a ransom of $220,000 in bitcoins in order that they could restore critical computer systems.

The attack impacted files, e-mails and back-up servers with the network having to be closed down.This impacted on research and commercial operations.

It is believed that the Russian cyber crime group called TA505 were responsible for the attack gaining access via network topology data usernames and passwords. The ransomware variant was Clop and was first discovered in February but it is believed that the attack originated at the end of last year.

10th February

The United Nations has revealed that the information of 4,000 staff has been compromised which allegedly began in July 2019.

It is understood that the hackers gained access via a Microsoft Sharepoint vulnerability which lead to the entire European IT system being compromised. The information accessed is believed to be commercial contract data and health information. The data consisted of 400 gigabytes of personal information.

Technicians within the UN are investigating how this occurred and implementing measures in order to prevent this happening again.

7th February

The IT Systems of the Irish bus and train operator Translink have been targeted by hackers. It is believed that a ransomware attack took place but no data has been assessed. Their systems were however in “lockdown” for a period but the company was able to run services without interruption.

The matter has been reported to the National Cyber Security Centre who are investigating the cyber attack.

January 

23rd January 

Mitsubishi Electric Corp has been subject of a cyber attack  which is believed to have been carried out by a Chinese hacking group.

Information relating to government agencies and various business partners was targeted in the attack. In addition to this personal data of over 8,000 employees and a number of graduates was also compromised.

It has not been revealed what type of attack took place and a full investigation is underway.

22nd January 

A member of the Amazon management team has had his mobile phone hacked. This apparently was carried out in 2018 after receiving a WhatsApp messsage that had been sent to the personal account of the crown prince of Saudi Arabia.

It is believed that the encrypted message included a malicious malware file which attacked the mobile phone. As a result of this a large amount of data was accessed within a short space of time but it is not know what data was actually compromised but it did allegedly include details of an extramarital relationship.

This attack has been denied and that the mobile phone of this individual was specifically targeted member with the suggestion that this was in fact a “rogue” operation.

20th January 

An NHS employee has been sacked as a result of hacking into the Royal Stoke University Hospital  where it is understood that 10,000 confidential patient and employees records were downloaded. It was revealed that the was carried out in 2017.

A subsequent attack was carried out by the same individual and the help of another employee where 8,895 images of cardiac tests and hundreds of employees details where accessed together with management information.

Access was obtained as on e of the employees held admin rights  in the heart and lung department. A court case  has recently been taken place where the employee was found guilty under the Computer Misuse Act 1990.

7th January 

Travelex , the foreign exchange company have been hit by a ransomware attack which has resulted in the firm having to switch off their computer systems. The ransom is believed to be $6,000,000.

It is understood that the attack originally took place on New Years Eve and resulted in them taking down their websites across the 3o countries that they operate in throughout the world. The ransomware strain is known as Sodnokibi.run by the REvil hacker gang.

Data has been accessed which includes dates of birth , national insurance numbers and credit card information.

The Metropolitan Police have been alerted and and investigation is under way.

6th January 

The London Stock Exchange (LSE) recently suffered a significant outage, however the UK government suspects that this may have been caused by a cyber attack.

The market was delayed by an hour and half and was the largest outage in over 8 years.The outage is believed to have been a technical software issue which prevented trading from taking place.

GCHQ is reviewing the incident and in particularly the software code that caused the outage and to ascertain whether a cyber attack was behind this incident.

6th January 

It is believed that Iran has launched a series of cyber attacks aimed at low level American organisations in response to the US killing of an Iranian commander..

A reported attack was carried out on a federal government by the Iran Cyber Security Group who left a text on the website of the Federal Depository Library Program with images left that on the website with a tribute to the individual that was killed.

The US expects that further attacks will take place in the coming weeks and months..