04 July 2019

IRM Weekly Cybersecurity Roundup: Wiltshire Council cyber-attacks and more

Want the IRM weekly cybersecurity roundup sent straight to your inbox? Sign up to our newsletter. 

IRM launches Risky Business Survey 2019

“Risky Business” is IRM’s annual survey which targets budget holders in the cyber and risk management. Why? We think it’s important to conduct research so we can present back the key insights, thoughts and trends from professionals like you.

Those who complete the anonymous survey can opt to receive the completed Risky Business report in return and can enter a prize draw to win a £100 Amazon gift card (T&Cs apply). Learn more about the survey or take part here.

Wiltshire Council hit by 90,000 cyberattacks a day after Novichok poisonings

After the Novichok poisonings in March last year – poisoning five people and claiming the life of one – Wiltshire Council has become the subject of a mass amount of cyber-attacks.

Executive Director, Alistair Cunningham, said ‘In the hottest days, we receive over 90,000 attacks a day’. The attacks occurred in the first 5 months after the poisonings and were so strong that the Council had to urgently ask for help from GCHQ.

GCHQ said the attacks were ‘well-coordinated’ and 90% of them came from outside Britain. Most of the attacks aimed to break through the firewall, go into the internal network and pick up passwords to employee emails.

Staff were advised to disconnect and lock Bluetooth devices such as mobile phones, tablets and fit-bit bracelets, during work meetings.

You can read more here.

US Cyber Command warns of hackers exploiting Outlook

US Cyber Command has reported that threat actors are making “active malicious use” of 2017’s Outlook Vulnerability ‘CVE-2017-11774’. The flaw is a sandbox escape bug in Outlook that allows an attacker (who already possesses the victim’s outlook credentials) to change the user homepage. In turn, the page can have embedded code that downloads and executes malware when Outlook is opened.

The bug was privately reported by researchers in 2017, but by 2018, it had been weaponized by an Iranian state-sponsored hacking group known as ‘APT33’ (or Elfin), who installed backdoors on servers and promptly pushed the flaw to Outlook users.

US Cyber Command have started issuing Twitter alerts to quickly spread security alerts about ongoing cyber-attacks, putting the US private sector on notice.

You can read more here.

YouTube’s ‘instructional hacking’ ban threatens cyber education

At the beginning of 2019, YouTube added hacking and phishing tutorials to its banned list. The crackdown has seen an ethical “white hat” hacking and computer channel hit with strikes, flagged videos and some videos that have been pulled completely with its series “Cyber Weapons lab”.

‘Hacker Interchange’ describes itself as an organisation dedicated to teaching beginners about computer science and security, but have found themselves being pinpointed as offering “harmful or dangerous content” by Google.

The ban has been put in place to help stop illegal behaviour, but comes with a downside for those trying to study computer security or interested in countering hacking and phishing attacks.

Luckily, the channel has since been reinstated after a YouTube Spokesperson explained it was a mistake and the rules allow depicting dangerous acts “if the primary purpose is educational, documentary, scientific, or artistic (ESDA).”

You can read more here.

Quick-fire Updates:

Cyber-incident from UK finance sector spiked 1,000% in 2018: A Freedom of Information request to the Financial Conduct Authority revealed that the number of declared events rose from 69 in 2017 to 819 in 2018, a rise of 1,000%. You can read more here.

A major PlayStation security exploit lets hackers use customer credit card info without the security code: An exploit on Sony’s network allows hackers to access users’ credit cards and apparently has been usable for five years. You can read more here.

Lloyd’s of London want clarity in insurance policies for cyber cover: Lloyd’s of London wants a clear insurance and reinsurance policy to state whether coverage will be provided for losses caused by cyber-attacks. You can read more here.

If you have any questions about this week’s roundup, or want to understand how you can improve your cybersecurity strategy, get in touch with IRM. 

Are you looking to get into a career in cyber? Check out IRM’s job vacancies on our careers page or sign up to our careers newsletter for future roles.

Risky Business 2019 Prize