November was an interesting month in terms of cyber security. Research has discovered that hotel receptions are a hotbed for hackers and the cyber security skills shortage is near breaking point!
Read more about what was going on in the world of cyber security below:
Disney+ platform hacked within hours
Disney launched its new platform Disney+, offering streaming of its own brand content, including Star Wars and Marvel productions, but found that data had been breached within hours of the new platform going live. Users who subscribed to the platform found their details for sale on forums for as little as £2.30 / $3 just hours after signing up.
Hotel receptions are a hotbed for hackers
Research has shown that hotels, restaurant chains and other tourism-related organisations have been subject to a range of cybercrime techniques. Point-of-Sale terminals have been compromised on a number of occasions to harvest guest data, and phishing emails have been sent to staff by hackers trying to gain access to the main internal systems. Kaspersky advised that when making a reservation with an OTA (online travel agency) it is essential to use a virtual wallet, as these normally expire after one charge, meaning you don’t have to worry about any of your details being compromised.
Cyber security skill shortage near breaking point
With so much uncertainty around Brexit, the UK is experiencing a widening cyber skills gap which is ultimately putting the country’s businesses at risk. This comes from research conducted by cyber security consultancy RedSeal, which ran an online survey with IT decision-makers in the UK. The findings revealed that 95% of CIOs and IT professionals agreed that the UK’s stalled exit from the EU is widening the skills gap. 87% of these also reported that they’re struggling to find cyber security professionals with the expertise to tackle organised online crimes.
Extensive hacking operation discovered in Kazakhstan
A recent report found that an extensive hacking operation was exposed in Kazakhstan. The report, by Chinese cyber security vendor Qihoo 360, found that the operation was targeting individuals and organisations from all walks of life, including government officials, military personnel, journalists, private companies and many more. The campaign was thought to have been carried out by a threat actor with considerable resources.
Cyber crime site selling hacking tool taken down
A cyber crime site selling hacking tools to cyber criminals in 124 countries has been taken down following an international investigation. The website was responsible for providing a hacking tool that gave full remote-control access to victims’ computers and, once installed, could enable hackers to disable anti-virus software, steal data or passwords and even watch victims through their webcams. The international operation was led by the Australian Federal Police, with support from the UK National Crime Agency.
TSB concludes boardroom failings resulted in IT meltdown
A report from UK bank TSB found that the IT meltdown in April last year, in which more than 2 million customers were locked out of accounts and subjected to fraud attacks, came as a result of failings in the boardroom and a lack of testing. The bank was attempting to move customer accounts to a new platform, but an independent report from law firm Slaughter and May found that bosses did not do enough to challenge those in charge of the upgrades, saying that bosses showed a lack of common sense. The report also found that corners were cut during testing, exacerbating the problem.
According to a report from Ofcom, Vodafone receives the most complaints from customers regarding its internet, receiving 30 complaints per 100,000 customers. The national average is 13 complaints per 100,000 so Vodafone is operating at almost double the national average. The most complained about mobile provider was Virgin with 8 complaints per 100,000.
Election Websites Hacked
Managing cyber security risk is all about minimising the specific risk to your business, not following general guidelines for security. Leaked documents show that the Labour Party was relying on just a £20-a-month basic security package to protect its website when the website was hacked, which was not nearly adequate for its risk. Following the attacks, which experts say were DDoS attacks, Labour is reported to have considered upgrading the security, but decided not to on the grounds of cost. Security officials have raised concerns that this election is susceptible to influence from foreign hackers, as news also spreads that both the Conservatives and Liberal Democrats have been hit by similar attacks.
Trend Micro incident highlights employee risk
The weakest link in the cyber security chain is people, with mistakes and criminal acts both presenting a risk to your data. Trend Micro became a victim of the latter earlier this month after finding that an employee had fraudulently accessed customer service records and sold on circa 100,000 customer account details to fraudsters, who made calls and requests for money from customers. It has been deemed an inside job, with the company commenting: "Our open investigation has confirmed that this was not an external hack, but rather the work of a malicious internal source that engaged in a premeditated infiltration scheme to bypass our sophisticated controls".
ICO demands better controls of biometric tech
The Information Commissioner's Office has demanded that a new statutory code be brought in to regulate and monitor the use of facial recognition technology. The tech, which is used by organisations such as the police, and which the ICO dubs 'invasive', is considered to be a threat to personal privacy, and the ICO wants its use to be regulated.