Cyber Security Monitor: April 2023

How do you respond to a cyber attack when the whole world is watching?

Some sobering lessons from the Capita hack this month where the outsourcing giant has come under scrutiny for its slow response to revealing the damage done by a recent breach.

Of further concern to businesses is the government warning that you don’t have to be a coding genius to commit serious cyber crime.

Organisations are at increased risk of corporate espionage thanks to off-the-shelf attack tools used by hackers-for-hire. These keyboard crims are using freely available commercial hacking tools to steal confidential information.

In addition, reports of AI being subverted via Prompt Injection weaknesses mean that these flaws could be exploited by non-technical hackers using natural language. 

This is likely to be an area of wider concern for OpenAI, as well as Google and Microsoft’s chatbots Bard and Sydney respectively.

In more positive news, the government is gaining ground on cyber criminals with the creation of a new National Cyber Force and lots more investment in cyber protection.

As always, the advice for staying safe remains the same – stay vigilant, follow security best practice and invest in cyber security training.

Here’s a round-up of what caught our eye in April:

Capita hack goes from bad to worse

Capita, one of the country’s largest outsourcing companies – with £6.5 billion worth of government contracts – finds itself in a rapidly worsening hack scenario.

Late last month, it said it was hit by an ‘IT issue’ which it later confirmed to be a ‘cyber-incident’. The hack mainly affected Capita’s Microsoft 365 estate. Capita’s response has come under growing scrutiny as the company was slow in revealing the full extent of the damage. 

However, a report by the Times soon claimed that sensitive personal data including over a hundred bank accounts, passport photos and addresses were now up for sale on the dark web. 

Capita has now acknowledged that hackers stole potential staff, customer and supplier data. 

The group behind it is believed to be the Russian ransomware criminal gang Black Basta. The hack is particularly worrying as Capita provides outsourcing services to the NHS, the British Army, the Royal Navy and many other public and private organisations considered to be part of our critical national infrastructure.

A big lesson here for businesses and organisations – transparency about cyber attacks is vital from the very start. It’s an important part of your cyber breach response strategy as per GDPR. And you don’t want the news sites beating you to it! If you’d like help improving your own Business Continuity Planning and response strategy for data protection, please get in contact.

Government is fighting back against cyber crime with National Cyber Force

The National Cyber Force is the government’s new bulwark against cyber crime. There has been ramped up investment in the UK’s overall cyber security as set out in the 2022 National Cyber Strategy. 

The National Cyber Force is an important element of this commitment. The NCF’s main aim is to support the armed forces and UK foreign policy in disrupting a wide range of cyber threats. 

These can include everything from foiling terrorist attacks and hostile state actors to preventing serious crime.

TikTok fined £12.7m for unlawfully processing children’s data

The Information Commissioner’s Office has fined the Chinese-owned video sharing app £12.7m for illegally processing the personal data of over a million children.

The watchdog said that the data of 1.4 million children under 13 was illegally processed as the children were using the platform without parental consent. This is in breach of UK data protection laws.

According to the ICO, TikTok “was not doing enough to prevent under-13s accessing their platform”. The fine comes close on the heels of a government ban of the app from work devices and parliamentary networks.

TikTok’s privacy settings are indeed worrying, as we explore in our most recent blog post.

Government warns of Hacking-as-a-Service

The UK’s cyber security agency has raised the alarm over increasingly popular commercially available hacking and espionage services.

The agency further warned that commercially available cyber crime tools can be easily bought off-the-shelf and have lowered the barrier to entry for state and non-state actors.

Of special importance to businesses is the warning that commercial ‘hackers-for-hire’ pose a significant corporate espionage threat to an organisation’s confidential information across a range of sectors.

The recent government crackdown on the Genesis cyber-crime website is an example of how even low-level cyber criminals were able to buy victims’ passwords online to commit fraud.

Google releases patch update for second zero-day attack

Google has issued an updated patch for a high-severity zero-day exploit in its Chrome web browser. 

The bug is also known as CVE-2023-2136. This is the second vulnerability to be exploited this year.

Users have been advised to upgrade to version 112.0.5615.137/138 for Windows, 112.0.5615.137 for macOS, and 112.0.5615.165 for Linux. 

Those using Chromium-based browsers such as Brave, Microsoft Edge, Vivaldi and Opera should also apply patches immediately.
