01 March 2019

IRM Weekly Cybersecurity Roundup: UK Critical National Infrastructure under threat and more


UK critical national infrastructure under threat

This week, it was revealed that a major cyber-attack took place on the UK’s national infrastructure last December. It is thought that over 10,204 data records were stolen, and the incident affected the Post Office and UK politicians. The attacks have been blamed on Iranian hackers as part of an ongoing campaign that has also hit other government officials and banks. The British security services have four separate security sources implying Iran’s involvement, but have not publicly confirmed their findings. The stolen data could enable a deeper attack, particularly on elections or through impersonation of government officials.

In further details of Iran’s engagement in the ongoing campaign against the West, the group ‘The Mabna Institute’ was flagged by the FBI in 2018. Mabna was charged with aggravated access to computer systems, wire fraud and stealing sensitive data. Microsoft has seized 99 websites used by Iranian hackers to launch cyber-attacks after taking a hacking group to court.

You can read more here.

UK universities hacked in under two hours

Over 50 universities in the UK were ethically hacked this week to test their cybersecurity defences. Pentesters from a technical consultancy carried out the attacks and were able to gain access to personal data, research networks and finance systems within just two hours. Some university networks were compromised in under an hour with the attack success rate being 100%.

The hackers used a variety of methods, the most common being phishing emails that purported to offer free grants to students or asked them to update their bank details so that loans could be paid, in order to gain entry for ransomware and malware.

The test was conducted as more than 200 institutions have been hacked over 1,000 times in the last year in attempts to steal data or disrupt services. The universities that were part of this ethical hack held a large amount of personal information about their students, along with a great deal of data on sensitive research.

There is now a call for greater urgency in improving cybersecurity from MPs and peers on the Joint Committee on the National Security Strategy. A Universities UK spokeswoman said “university leaders were working with the NCSC to help improve and strengthen security practices to better protect the sector from cyber threats”.

You can read more here.

How can your car be hit by a cyber-attack?

Cars now have the ability to guide you through unfamiliar cities and find available parking spaces. Driving has never been easier, but this does come with a downside. The amount of data and information that is shared through Bluetooth, sat navs and smartphones could entice hackers to infiltrate your car.

There is also a chance that cybercriminals can hear what’s going on thanks to the microphones in your car or those synced via mobile devices. With all this information, criminals could hack in and gain access to all synced personal data, including addresses and mobile numbers. This data can then be sold on or used as blackmail, and hackers could even use ransomware to lock you out of a car or prevent it from being driven.

It was shown back in 2015 that cars can be hacked into quite easily, when ethical hackers were able to send commands to the controller area network and operate the car’s functions.

But don’t worry, governments are working with car industry leaders, publishing a cybersecurity standard in December 2018 to “improve the resilience and readiness of the industry”.

There are measures you can take to help defend against cybercriminals, including:

  • Turn off your car’s Bluetooth and Wi-Fi when you’re not using them.
  • Never leave the default password in place on built-in Wi-Fi systems.
  • Never leave passwords lying around.
  • Make sure all apps downloaded on your smartphones that have your card details have password protection.
  • Check with your car manufacturer on a regular basis for any software updates or issues.

You can find out more information here.

LockerGoga strikes again

Two weeks ago, the Norwegian aluminium plant ‘HYDRO’ fell victim to a ransomware attack after the program LockerGoga gained access and shut down an assortment of plants. Just a couple of days later, two US chemical plants ‘Momentive’ and ‘Hexion’ announced they had to shut down their IT systems due to a cyber-attack which has also been revealed to be down to LockerGoga.

Investigators have announced they aren’t entirely sure how the ransomware got into the systems, but say there are several possibilities, ranging from stolen remote desktop credentials to phishing and the targeting of outdated or unpatched software.

Momentive and Hexion are both owned by the public equity firm Apollo Global Management, but work on separate networks. Luckily, they were able to contain the attack and continue to operate safely without large interruption, stating that “the incident had primarily affected corporate functions and have taken steps to restore networks and resume normal operations as quickly as possible”.

They explain: “The company has found no evidence that any customer, supplier or employee information was accessed or infiltrated during this incident, or that any customer or supplier systems or data outside the company’s network have been impacted”.

Both companies implemented their business continuity plans as soon as the incident was discovered to isolate the issue. They are now working to minimise disruption with customers and suppliers.

You can read more here.

Quick Fire Updates:

We’re slowly getting there, but some are still at risk: While more firms are prioritising cybersecurity, there is still a percentage that classes it as low or very low priority, including the charity and hospitality sectors. Read more here.

More issues with Facebook, as user records are found on unprotected Amazon servers: Researchers have discovered two unprotected data sets filled with half a billion Facebook user records, including names, plain-text passwords and email addresses of over 22,000 people. Read more here.

Regulations for IoT are in force, so why isn’t US healthcare following them? Hospitals and doctors are failing to embrace changes in device cybersecurity, even after examples of hacks against pacemakers and infusion pumps, believing that cyber-attacks aren’t a threat. Read more here.


If you have any questions about this week’s roundup, or want to understand how you can improve your cybersecurity strategy, get in touch with IRM.