21 December 2018

IRM Weekly Cybersecurity Roundup: APT-10 accused of cyber espionage and more

This is the last IRM cybersecurity news roundup of 2018. We’d like to thank our readers and wish you all a very Merry Christmas and a Happy New Year! Be sure to keep up to date with cybersecurity over the Christmas period, but in the meantime, read over this week’s highlights, including some quick fire updates. Want the weekly roundup delivered straight to your inbox? Sign up to the IRM newsletter.

US and UK accuse China of cyber espionage

The US and UK authorities have alleged that a Beijing hacking group (APT-10) has led a two-year effort against the West and allies including Japan. It is thought the cyber espionage campaign has included targeting 45 American technology companies.

These claims come after the US justice department charged two Chinese nationals for conducting attacks on behalf of the Chinese Ministry of State Security. The attack involved stealing technology related to various industries including aviation, factory automation and consumer electronics.

The Chinese Government has denied any involvement in the theft of commercial secrets.

You can read more here.

NASA warns staff of possible stolen personal data

An internal memo sent this week warned NASA employees of an unknown intruder who infiltrated their systems in October, potentially accessing personally identifiable information (PII).

The investigation has shown that one of the servers accessed by the hackers held Social Security numbers of former and current employees.

Concerns have been raised over the amount of time it has taken NASA to inform employees. The two-month gap between discovery and announcement means employees could have been victims of identity theft.

This isn’t NASA’s first cyber-attack. AnonSec was able to bring down a drone worth $222 million in 2016. Flight videos and employee data were also comprised and ‘dumped’ on the web. NASA is now working with ‘Federal cybersecurity partners’ to examine the infiltration.

You can read more here.

Twitter bug linked to China and Saudi Arabia

In November, a strange bug was found in Twitter’s support contact  form. It allowed the discovery of people’s phone number country code (if associated to Twitter) and their blocked account status.

Twitter fixed the bug the day after discovery, but an investigation has lead the social media network to Asia and the Middle East. Twitter said: “We observed a large number of inquiries coming from individual IP addresses located in China and Saudi Arabia. While we cannot confirm intent or attribution for certain, it is possible that some of these IP addresses may have ties to state-sponsored actors.”

China has denied any State involvement.

You can read more here.

Germany on high alert for Chinese cyber-attacks

A tip from the US intelligence community has forced Germany’s Office for Information Security (BSI) to warn German companies of potential Chinese cyber espionage.

The warning comes after Chinese hackers recently gained illegal access to sensitive messages between EU leaders and other nation Government officials. An unknown source has suggested that the Chinese hackers may be targeting German construction, engineering and other large commercial organisations.

The German cabinet has now passed a measure to allow greater Government scrutiny into purchases and investment made by non-European entities, in an effort to prevent cyber-attacks.

You can read more here.

Facebook gave Netflix and Spotify access to users private messages

It has been revealed that Facebook allowed Microsoft Bing’s search engine to see the names of almost all Facebook users’ friends (without consent) and allowed Netflix and Spotify to read Facebook users’ private messages.

In addition, Facebook permitted Amazon to obtain users’ names and contact information via their friends. Some of the parties involved deny any involvement, particularly Netflix, who stated: “at no time did we access people’s private messages”.

These findings are part of an ongoing investigation into the way Facebook has managed the privacy of its users’ data in recent years.

You can read more here.

London’s Russian Embassy hit by cyber-attack

The Russian Embassy in London has claimed its website was targeted by hackers on Monday.

The attack has occurred during a time of heightened tension between Russia and the UK. The tense relationship has worsened since the UK accused Russia of using cyber-warfare against the West.

The Embassy described the attack as “brutal” and believe the attack was carried out from British territory.

You can read more here.

Quick Fire Updates

Cyber-attacks attempted every 2.5 minutes – A study shows that UK businesses were subjected to over 52,500 cyber-attacks; the equivalent to 578 attempts a day, or one every 2.5 minutes. Seventy-five percent of said attacks were related to fraudulent emails opened by employees. Disgruntled ex-employees, suppliers and professional hackers carried out other attacks. Read more here.

Businesses of all sizes are a target for cybercriminals – A Stoke-on-Trent pottery firm, Steelite International, has been victim to a ransomware cyber-attack. The attack caused disruption to payroll, with the IT team having to rebuild the servers in order to avoid the 79-Bitcoin ransom demand. Luckily, the organisation had back-up files, which the hacker didn’t have a chance to encrypt. Read more here.

Stay safe online this Christmas – We’ve written a short eBook about staying vigilant online over the seasonal period. With advice for consumers and businesses, there’s tips for everyone. Download the eBook “How to avoid cybercriminals this Christmas” here.

To receive this blog direct to your inbox every week, sign up to our newsletter.

If you have any questions about this week’s roundup, or want to understand how you can improve your cybersecurity strategy, get in touch with IRM.  We’ll be back in the office on Wednesday 2nd January to answer any questions you might have.