March has been recorded as a month with lower-than-average records leaked per data breach, but that’s in no way reassuring. In fact, there was an exceptionally high number of breaches – 151 – during the month, and the reason that there were lower data record numbers recorded was in fact because of a surprisingly high number of incidents in which the affected entity could not determine how many records had been breached. This is a huge concern for cybersecurity – not only leaky databases and breaches records, but improper protocols and tracking, which means the impact of the breach is hard to properly calculate. Food for thought for businesses, as in the event of a cyberattack, you have a responsibility to determine what records have been affected, and disclose that information to the Information Commissioner’s Office (ICO). Are your systems robust enough? If you need help on traceability, speak to our team on 01453 700 800 for advice.
In the meantime, here’s the top Cybersecurity stories from March that you might have missed…
Microsoft Exchange Servers breached
Four zero-day vulnerabilities in Microsoft Exchange Servers were being actively breached by a state-sponsored threat group from China, impacting businesses around the globe. Microsoft was made aware of these vulnerabilities in early-January, with exploitation and unusual activity starting just hours later. At the beginning of March, Microsoft issued security patches, but so far, not all have been applied, and more and more victims are stepping forward. The attacks to date have been specific and focussed, so not all businesses have been affected. If you have a Microsoft Exchange Server onsite within your business, or make use of one in your systems, the advice is to update the security as fast as possible, and ask your IT company to check it has not been breached.
If you use Microsoft 365, and have installed it via Eurolink, then there is nothing for you to do. This has not been affected, and also we make sure the migration is to a secure hosted system when we onboard your data.
Boris boosts cyber
The Prime Minister has announced a new ‘cyber corridor’ in the North of England, which will bolster the UK’s cyber capabilities. A new UK National Cyber Force (NCF) will lay out “a new cyber strategy to create a cyber ecosystem.” The NCF review will “set out the importance of cyber technology… whether it’s defeating our enemies on the battlefield, making the internet a safer place or developing cutting-edge tech to improve people’s lives.“ Read the full announcement…
FatFace angers customers and fails PCI compliance
Despite UK laws (Payment Card Industry Data Security Standard – PCI DSS) that prevents the storage of customer card details following a transaction, a data breach at FatFace has highlighted that they are not in fact PCI compliant, raising more questions about their general IT security too. They advised customers of a data breach including customer’s full names, home addresses, email addresses, and partial card details. The payment card details included the last four digits and the card’s security verification code. Not only were they storing information that they shouldn’t be, but it took the company more than 2 months to advise their customers of the breach. The company also reportedly paid £1.5million in ransom to try to prevent the files from being released.
FBI warns of Business Email Compromise (BEC) impact
Despite dominating cybersecurity headlines, the Federal Bureau of Investigation (FBI) is warning that ransomware is nothing compared to the impact of Business Email Compromise (BEC). According to their annual cybercrime report, BEC cost US businesses $1.8billion in 2020 (or $2.1billion if you include spoofing scams), compared with $29million to extortion / ransomware. That makes BEC 64 times as financially detrimental as ransomware!
NHS boss loses access to Twitter and money to scammers
Although many people find it so annoying that they just don’t activate it, Multi-Factor Authentication is a great way to significantly reduce your cybersecurity risk. As this story can attest, it really is one of the most important defences in your cybersecurity protocols! NHS executive Helen Bevan lost access to her two twitter accounts with a combined 140,000 followers, which were in turn used to promote fake PlayStation 5 console sales, losing money for many of her followers. She mistakenly believed she’d turned on the 2-Factor Authentication, but hadn’t, leaving her accounts vulnerable to hacks. The hackers then changed her password, email address and account name, removed all the people she was following and replaced them with other accounts, all to promote the PS5 sales. When she finally regained access to her accounts a couple of days later, she then had to explain to the victims who’d ‘purchased’ a fake PS5 that she was a victim too. What’s worse is that in an attempt to regain access to her account, Bevan also paid an ‘expert’ to fix the problem, but he turned out to be a scammer too!
Russian pleads guilty to Tesla ransomware attempt
As a stark reminder that your employees will always be the weakest link in your cybersecurity chain, a Russian hacker has pleaded guilty to an attempt to hack Tesla with ransomware, by offering an employee a $1 million bribe to plant the ransomware in the computer system of the Nevada battery plant. Thankfully, the attack was prevented after the employee told Tesla of the plan, who involved the FBI and taped the conversations. Kudos to this employee, but don’t forget that the human touch will always be your weakest link – human error, corporate espionage, blackmail, and in this case bribery, can all put your systems at risk! Make sure you have protocols in place to minimise the impact.
Police warn not to use SciHub
As students continue to utilise online learning and education platforms to help further their education at home, police are warning not to use the SciHub platform. The site works by allowing illegal access to millions of scientific papers, however there are concerns that the russia-based website is in fact being used to access and misuse student’s personal data.
Live feed of 150,000 security cameras hacked
The live feeds of more than 150,000 Verkada security cameras have been hacked, including those used inside businesses, schools, police departments, and hospitals. This enables the hackers to view through any camera they choose, and they’d also obtained details of customer contacts and the sales invoices.
Criminals arrested after trusting encrypted chat app
Although we’re obviously delighted that more than 80 criminals were arrested by police in the Netherlands and Belgium, this story highlights the true anonymity of the internet and the fact you may be completely unaware who you are chatting to online. Europol infiltrated the SKY ECC encrypted communication platform and used it to identify organised crime, before executing a series of simultaneous arrests of more than 80 people. It is believed many of the users migrated to the app after EncroChat was shut down by authorities last year.
Sadly, this list doesn’t even scratch the surface of the major stories for the month. Others include:
- Home Office announce that overseas aid tender details have been breached
- University of Highlands and Islands is trying to recover from a cyberattack
- Pupils coursework destroyed at Bedfordshire Schools following cyberattack
- Ransomware attacks affect 15 schools in Nottinghamshire, Schools in South Gloucestershire, and Birmingham Colleges
- Solicitor caught dumping client files in the street
- MOD files exposed by staff sending files to their personal email accounts
- Details of vulnerable children in Birmingham uploaded to City Council website.