25 January 2019

IRM Weekly Cybersecurity Roundup: Alaska cyber-attack and more

Our weekly cybersecurity roundups gather the most important headlines in the industry from the last seven days. If you want the weekly roundup delivered straight to your inbox, you can sign up to the IRM newsletter.

100,000 Alaska households hit by cyber-attack

Over 100,000 households in Alaska who applied for public programmes (such as disability and senior benefits) have had their information compromised. Residents were informed after the Department of Health and Social Services sent out letters.

The cyber-attacks are thought to have occurred from April 26th – 30th 2018. The data breach was caused by a Zeus/Zbot Trojan virus which bypassed multiple layers of security and interacted with Russia-based IP addresses.

Information accessed by the attacker includes names, social security numbers, dates of birth and income.

You can read more here.

Universities cyber-attack each other to test defences 

20 universities have signed up to a new scheme that will see them paired off to spend a week “attacking” each other. It is hoped the activity will uncover vulnerabilities in their processes, policies, procedures, technology infrastructure and digital footprints.

The universities will use a mix of open-source intelligence and social engineering techniques to simulate the attacks. Running as a competition, the winning team will be the one that would have generated the most negative impact through their chosen hacking techniques.

You can read more here.

A new breed of cyber-attack: how to protect yourself

An attack described as a “man in the cloud” (MitC) attack has become more common in recent years. It involves accessing victims’ accounts without the need to obtain compromised user credentials. This is made possible by taking advantage of the OAuth synchronisation token system used by cloud apps.

OAuth synchronisation is designed to make the user experience better, but it leads to vulnerabilities. Whilst MitC attacks are difficult to prevent, organisations can take steps to minimise the chance of becoming a victim.

These steps include conducting regular security training, using encryption to protect cloud data, enabling two-factor authentication and investing in a cloud-access security broker.

You can read more here.

Homeland Security targeted with cyber-attack

The Department of Homeland Security announced that their web and mail traffic was intercepted on Tuesday.

After the attack, which is believed to have come from Iran, employees were asked to take login precautions, such as 2FA and password changes.

The attacker was able to tamper with the domain to redirect traffic, and gained access to encryption certificates to decrypt traffic, revealing any relevant data submitted by users.

You can read more here.

Quick fire updates

Cumbria NHS hit by over 150 cyber-attacks in five years – In 2017 alone, the Cumbria NHS trust spent £29,600 in dealing with cyber-attacks. The Head of IT for the trust said that, with a lot of resources put into ensuring the safety of their IT systems, it was possible this was the reason higher volumes of cyber-attacks were being identified. Read more here.

Google slammed with £44m GDPR fine – due to “lack of transparency, inadequate information and lack of valid consent regarding ads personalisation”. The judge felt that Google did not sufficiently inform Google users about how their data was collected for advertising. Read more here.

Belgian metal manufacturer hit by cyber-attack – Nyrstar was hit by an attack on Tuesday which shut down some of their IT systems, including email. The manufacturer is currently working on a technical recovery plan. Read more here.

To receive this blog direct to your inbox every week, sign up to our newsletter.

If you have any questions about this week’s roundup, or want to understand how you can improve your cybersecurity strategy, get in touch with IRM.