07 December 2018

IRM Weekly Cybersecurity Roundup: New Zealand Security Services ban Huawei and more

Another interesting week of news in the cybersecurity industry. Don’t forget to read our quick fire updates at the bottom of the blog for snippets of more news. Sign up to the IRM newsletter to get the roundup delivered straight to your inbox.

O2 global outage caused by ‘expired certificate’

Yesterday’s O2 4G outage affected over 25 million customers (including Sky Mobile, Tesco, Giffgaff and Lycamobile). Ericsson, a third-party supplier to O2, has confirmed: “an initial root cause analysis indicates that the main issue was an expired certificate in the software version installed with these customers”. O2 has now successfully found a fix and customers are able to access the network as normal.

You can read more here.

Huawei banned due to security concern

The Chinese telecom firm has recently been banned from supplying mobile network kit by New Zealand’s security services. This is due to a “significant network security risk that was identified”, a finding to which Huawei has publicly objected.

New Zealand are not the only ones to have concerns. BT has followed suit by barring Huawei’s 5G kit from their core network once rolled out in the UK. This followed suggestions by MI6 that Britain needs to consider how “comfortable” the country is using Chinese-owned technologies. Despite BT’s concerns, they have stated they will continue to use Huawei equipment for phone mast antennas along with other ‘non-core’ products.

Read more about the BT ban and New Zealand ban.

‘London Blue’ hacking group follow the money

50,000 financial leaders in London are being targeted with business email compromise (BEC) attacks from the Nigerian cybercriminal group, ‘London Blue’. The group has extended their reach to include bank executives and mortgage companies.

According to the research, the planned BEC scams will focus on stealing property purchase or lease payments. The cybercriminals will use spear-phishing techniques to trick people into sending money to fraudulent accounts.

You can read more here.

Paying ransom could violate US Government sanctions

This week, the US Department of Justice unsealed a grand jury indictment against the hackers responsible for the SamSam ransomware attack. The information includes details of the individuals who were involved.

The US Government has identified the two individuals in charge of converting ransom cryptocurrency payments. This means that you could be fined for sending ransomware payments to these individuals, and you should check the OFAC list to ensure there will be no legal ramifications if your organisation is subject to a ransomware attack.

You can read more here.

How safe is your money?

A report by the Financial Conduct Authority (FCA) published in November showed that cyber-attacks in the UK financial system accounted for 18% of operational incidents between October 2017 and September 2018.

They conclude that technology outages are becoming more frequent and publicised, with “cyber resilience” ranking as a top concern. More specifically, financial companies struggle to manage their risks when it comes to “people, third party management and protecting their key assets”.

You can read the full report here.

Quick fire updates

Q&A website has a lot to answer for after security breach – The popular members-only question and answer site, Quora, has revealed that cybercriminals stole the data of 100 million users. All members have been prompted to change their password whilst the site investigates the ‘malicious third party’ who gained unauthorised access. You can read more here.

Security hole found in Kubernetes – The first major security hole in the popular cloud container orchestration system has been discovered. The flaw allowed any user to establish a connection to a backend server, which enabled them to send arbitrary requests over the network connection. The fault has been fixed with the latest upgrade. You can read more here.

Production at Christie Digital halted by cyber-attack – A malware attack on technology and digital display system company, Christie Digital, forced managers to send staff home after production was stopped. Many of their machines are software-controlled, meaning they were affected by the cyber-attack. You can read more here.

To receive this blog direct to your inbox every week, sign up to our newsletter.

If you have any concerns about your organisation’s cyber-resilience or preparedness to handle a cyber-attack like those explored in this week’s roundup, get in touch with IRM to see how we can support your cyber strategy.