Cyber Newsround 2020

Cyber risks are developing all the time and with this comes new threats to individuals and to organisations , the cyber threat landscape will evolve again in

May

14th May

It has been revealed that the UK’s energy system has been victim of a cyber attack that focused on the IT infrastructure which runs the electricity supply.

Elexon, who are the electricity administrator and monitors the electricity generates made this announcement and were carrying out an investigation.

The cause of the attack has been identified and is being worked on in order to rectify the issue.

13th May

Interserve and Bam Construct who have been involved in building emergency hospitals for the Cornavirus epidemic have been hit by cyber attacks.

Websites and computer systems as a result of the attack had to be shut down as a precaution.Some operational services were impacted but both companies were largely unaffected.

7th May

Go Daddy, one of the largest domain registrars has suffered a data breach which has compromised their web hosting account credentials of customers.

it is believed that the incident took place last year when the original disclosure was made to the appropriate authorities.Unauthorised when login credentials were obtained that enabled connection to SSH which was secure shell that is used by system administrators.

April

29th April

The Israeli government has revealed that their water supply and treatment have been subject to a cyber attack. As a result of this it has been recommended that all passwords should be changed on systems that are connected to the internet.

The areas of concern were the operational systems and chlorine control devices that hackers may try to access.

it is believed that an Islamic Hacktivist group were responsible for the attack

27th April

Warwick University has announced that it suffered a number of cyber attacks at the end of last year which has not been shared with the students.

Hackers accessed the University’s administrative network when a member of staff inadvertently installed remote viewing software which enabled the hackers to to steal personal information of students and teachers.It is not known what type of information was taken during the attack.

The ICO carried out an investigation which has recently been published.

April

20th April

Cognizant Technology Solutions has announced that they were the subject of a cyber attack over the weekend . This is believed to have been a Maze Ransomware attack.

A number of companies who are reliant on their technology services suffered service disruptions.

Maze are currently very active having targeted a number of high profile companies in recent weeks.

19th April

Another airport has been the subject of a cyber attack, The Vaclav Havel Airport in Prague has seen a number of attempts by hackers on their websites.

These attempts were detected in time with no loss of service or damage to the websites.

There is currently a trend in attacks on the Czech Republic however It is not known who this is but it is more than likely that these emanated from a nation state source.

16th April

It has been revealed that over 500,00o Zoom meeting account credentials are being sold on the Dark Web. credentials include companies such as Chase and Citibank and educational establishments  such as Dartmouth College and the University of Florida.

The details it is thought were obtained by previous “credential stuffing“ attacks and then subsequently posted on a number of hacker forums.

With Zoom being more so under the current circumstances this provides greater opportunity to attack these form of meeting providers. A number of companies are now using two factor authentication in order to increase security and improve password complexity.

15th April

Hackers carried out a cyber attack last month on SanFrancisco International Airport which is believed to have been carried out by the Russian group Dragonfly/Energetic Bear.

It understood that two websites came under attack when a malicious computer code was inserted in order to download users log in details. The users who may have been impacted were those utilising Internet Explorer on Windows based personal devices.

The airport announced that the issue was rectified almost immediately with the airport now operating normally.

11th April

Hackers have stolen £2.4M from a museum after pretending to be an art dealer for a John Constable painting.

It is understood that e-mails we’re intercepted  between Rijksmuseum Twenthe in the Netherlands and a London art dealer who were arranging the sale of Constable’s 1824 landscape of A View of Hampstead Heath : Child’s Hill , Harrow in the Distance.

The hacker posing as the art dealer instructed the museum to pay the money into a bank account in Hong Kong.

4th April

It has been revealed that a hacker gained access to Escrow.com via the domain servers GoDaddy as a result of a spear phishing attack. A number of other accounts were it is understood compromised in the same attack.

The homepage of Escrow.com website was defaced with a message placed by the hackers demonstrating their successful attack.

The hacker replaced the original DNS’s from a legislate server to their own malicious ones. It is understood that no data has been lost with the issue now being resolved.

March

31st March

Marriot International Hotels have revealed that they have had another significant data breach which may have impacted up to 5.2 million guests.

Its seems that the log – in details of two employees were used to access guest information. The information that may have been compromised would have been names and addresses , e-mail addresses and loyalty account information. It does not appear that payment card information was compromised.

The hotel has informed its customers and have offered data monitoring services for a year.

30th March

Chubb Insurance have been subject to ransomware attack with the Maze ransomware group claiming responsibility.

The group claim that they have encrypted the insurers computer systems  and will disseminate the data that they have taken if the ransom is not paid.

Chubb have advised that they have no evidence of a data breach and are currently investigating the incident.

19th March

Brno University Hospital in the Czech Republic has been hit by a cyber attack with the hospital having to shutdown its computer systems.

This hospital is one of the largest COVID-19 testing sites and curtailed important research being carried out with patients having to be moved.

There are limited details available of the attack but it is recovering and should be fully operational again shortly.

4th March

Members of the Boots Advantage loyalty scheme have been unable to use the points system to purchase goods due to hackers attempting to  real into their accounts.

Boots are dealing with this situation and have closed down the website but their own system has been unaffected.

This impacted only 1% of the 14.4 million active users which is about 150,000 people. It is understood that no credit card details have been compromised.

The attack is known as “password stuffing” where hackers use stolen passwords in an effort to access accounts on the premise that individuals do on occasions use the same password on a number of accounts.

February

28th February

Decathlon the sporting outlet have suffered a significant data breach which compromised 123 million users and employees.

It is believed that the data was caused as a result an unsecured ElasticSearch server that was discovered on February 12th. The data is understood to be mostly of employees rather than customers. The data  includes user names passwords and e-mail addresses.

24th February

Maastricht University in the Netherlands has been the subject of a ransomware attack. The university paid a ransom of $220,000 in bitcoins in order that they could restore critical computer systems.

The attack impacted files, e-mails and back-up servers with the network having to be closed down.This impacted on research and commercial operations.

It is believed that the Russian cyber crime group called TA505 were responsible for the attack gaining access via network topology data usernames and passwords. The ransomware variant was Clop and was first discovered in February but it is believed that the attack originated at the end of last year.

10th February

The United Nations has revealed that the information of 4,000 staff has been compromised which allegedly began in July 2019.

It is understood that the hackers gained access via a Microsoft Sharepoint vulnerability which lead to the entire European IT system being compromised. The information accessed is believed to be commercial contract data and health information. The data consisted of 400 gigabytes of personal information.

Technicians within the UN are investigating how this occurred and implementing measures in order to prevent this happening again.

7th February

The IT Systems of the Irish bus and train operator Translink have been targeted by hackers. It is believed that a ransomware attack took place but no data has been assessed. Their systems were however in “lockdown” for a period but the company was able to run services without interruption.

The matter has been reported to the National Cyber Security Centre who are investigating the cyber attack.

January 

23rd January 

Mitsubishi Electric Corp has been subject of a cyber attack  which is believed to have been carried out by a Chinese hacking group.

Information relating to government agencies and various business partners was targeted in the attack. In addition to this personal data of over 8,000 employees and a number of graduates was also compromised.

It has not been revealed what type of attack took place and a full investigation is underway.

22nd January 

A member of the Amazon management team has had his mobile phone hacked. This apparently was carried out in 2018 after receiving a WhatsApp messsage that had been sent to the personal account of the crown prince of Saudi Arabia.

It is believed that the encrypted message included a malicious malware file which attacked the mobile phone. As a result of this a large amount of data was accessed within a short space of time but it is not know what data was actually compromised but it did allegedly include details of an extramarital relationship.

This attack has been denied and that the mobile phone of this individual was specifically targeted member with the suggestion that this was in fact a “rogue” operation.

20th January 

An NHS employee has been sacked as a result of hacking into the Royal Stoke University Hospital  where it is understood that 10,000 confidential patient and employees records were downloaded. It was revealed that the was carried out in 2017.

A subsequent attack was carried out by the same individual and the help of another employee where 8,895 images of cardiac tests and hundreds of employees details where accessed together with management information.

Access was obtained as on e of the employees held admin rights  in the heart and lung department. A court case  has recently been taken place where the employee was found guilty under the Computer Misuse Act 1990.

7th January 

Travelex , the foreign exchange company have been hit by a ransomware attack which has resulted in the firm having to switch off their computer systems. The ransom is believed to be $6,000,000.

It is understood that the attack originally took place on New Years Eve and resulted in them taking down their websites across the 3o countries that they operate in throughout the world. The ransomware strain is known as Sodnokibi.run by the REvil hacker gang.

Data has been accessed which includes dates of birth , national insurance numbers and credit card information.

The Metropolitan Police have been alerted and and investigation is under way.

6th January 

The London Stock Exchange (LSE) recently suffered a significant outage, however the UK government suspects that this may have been caused by a cyber attack.

The market was delayed by an hour and half and was the largest outage in over 8 years.The outage is believed to have been a technical software issue which prevented trading from taking place.

GCHQ is reviewing the incident and in particularly the software code that caused the outage and to ascertain whether a cyber attack was behind this incident.

6th January 

It is believed that Iran has launched a series of cyber attacks aimed at low level American organisations in response to the US killing of an Iranian commander..

A reported attack was carried out on a federal government by the Iran Cyber Security Group who left a text on the website of the Federal Depository Library Program with images left that on the website with a tribute to the individual that was killed.

The US expects that further attacks will take place in the coming weeks and months..