15 November 2019

IRM Weekly Cybersecurity Roundup: Labour hit by cyber-attacks and more

Want the IRM weekly cybersecurity roundup sent straight to your inbox? Sign up to our newsletter. 

Labour hit by cyber-attacks and Lizard Squad claim responsibility

The Labour Party was the target of two DDoS attacks this week. After the initial attack on Monday evening, the Labour Party announced its systems were hit again on Tuesday afternoon.

Both attacks were said to be thwarted by a US-based technology company whose software is used by the Party.

Jeremy Corbyn said the attacks are “suspicious” because they took place during an election campaign. Corbyn cautioned that “if this is a sign of things to come in this election, I feel very nervous”. He added that, after the 2017 cyber-attack on the NHS, “we do need far better defensive arrangements”.

A NCSC source saLabour Partyid the cyber-attack on Labour was low-level and not as large and sophisticated as first thought.

The NCSC is confident the party took the necessary steps to deal with the attack and therefore the incident is now closed.

The notorious hacking group “Lizard Squad” claim responsibility for the attacks and warned there will be more follow, especially if Labour win the election.

Lizard Squad claim to have control of a botnet that is connected to millions of devices around the world, enabling more power to process large attacks. You can read more here.

Public charging points are being targeted by hackers

Hackers are gaining access to user’s phones via USB ports inside Delhi airports and markets.

Many airports around the world have free USB power charging stations for travellers to use when running low on battery, but a warning has been issued for travellers heading to Delhi airport to be wary of these stations after a rise in “Juice Jacking”.

Juice Jacking is a form of hacking using charging USB ports. These stations are very rarely monitored and are easily tampered with. Inside the cords is an extra chip that deploys hidden malware on victim’s phones when plugged in and downloading information.

Hackers can access text messages, social media, photos, videos, e-mails, locations, notes, contact details, bank details, and, more importantly, they can take screenshots every five seconds

Researchers at a security firm have also found that they could install a third-party application, like a virus, onto a smartphone via its USB cable connection to a computer in three minutes.

The Delhi Police are now trying to figure out the problem to find a solution. You can read more here.

Malware infections soar 60% on healthcare organisations in 12 months

Healthcare organisations (HCOs) have seen a 60% rise in ransomware attacks and cybercriminals stealing data since 2018.

Hackers are attracted to the HCO’s because of the high ROI offered by patient’s personal information.

Methods such as exploiting unpatched flaws in third-party software and using phishing emails to deliver malicious links and attachments were the top methods of attack.

Healthcare malware rise

A report has claimed that data breaches at hospitals has led to an increase in the 30 day mortality rate for heart attacks, adding 36 additional deaths per 10,000 heart attacks per year. The cause of this is due to the clean-up time required following a cyber-incident.

With HCO’s IoT devices expanding, the average attack could pose a further security risk if security is not built-in from the very start. You can read more here.

Quick-fire Updates

Latest iOS version allows Facebook access to iPhone cameras: A bug was found in the latest version of iOS that opens the iPhone camera whilst users scroll through Facebook, Allowing the social media giant access to the camera. Facebook has since fixed the bug and confirm nothing had been uploaded due to the bug. You can read more here.

Airbus announces human-centric cybersecurity accelerator programme: Airbus has launched a human-centric cybersecurity accelerator program featuring a team of human factor and cognitive psychology experts that will work in collaboration with the NCSC to gain crucial insights into human-centric approaches for improving cybersecurity effectiveness. You can read more here.

Cyber-attacks on online retailers on the rise due to more retailers closing stores and jumping online. With a rise of website hijacking and fraudulent websites, online retailers should be maximising their cyber-defences, especially with Black Friday (November 29th) and Cyber Monday (December 2nd) just around the corner. You can read more here.

If you have any questions about this week’s roundup, or want to understand how you can improve your cybersecurity strategy, get in touch with IRM. 

Are you looking to get into a career in cyber? Check out IRM’s job vacancies on our careers page or sign up to our careers newsletter for future roles.