On our radar this month:
- How to regain control of your personal details online
- The phishing scam that beats MFA
- What we can all learn from the PSNI data breach
- How ChatGPT is helping scammers
- The reason why ransomware payouts have increased in 2023
- The spiralling cost of the recent Capita breach
- Why that message from your CEO may not be from your CEO
Have you noticed that cyber security stories are hitting the headlines more and more – even becoming lead news items?
It’s a sign of the times, unfortunately. But there is a glimmer of light. The increase in criminal activity is making people more aware – even technophobes want to protect their businesses and money, after all.
It reminds us of the Nineties, when a wave of burglaries made home alarm systems the topic of the day around dinner tables. As the criminals ramp up their efforts, let’s hope there’s a built-in safeguard – businesses and individuals taking a greater interest in cyber security best practice and strengthening their defences.
Oops, you overshared. Here’s how to regain control of your personal details
That old Facebook photo from 2008 still lingering online is embarrassing, but what’s even more damaging is the trail of personal information that we all have littered across the internet.
If you’ve ever worried about the kinds of personal data that the internet has on you, read on.
Data brokers often profit from freely available personal information such as browsing histories, credit scores and health details.
This data is pretty much up for grabs and can make you a target for scams, identity theft and even lead to increased insurance costs and loan denials in some cases.
But you can take back control by using some clever tools.
Our Senior Security Consultant Jake Ives shares a few web monitoring tools which make it easy to remove any personal data from online databases.
They work by scanning the internet (and, in DeHashed’s case, leaked breach data) for the names, email addresses and phone numbers you give them, then letting you review each match and request its removal.
- https://incogni.com/ — Sends removal requests to data brokers on your behalf and chases them until the data is gone.
- Kanary — Identifies old profiles and other internet presences that can be deleted. You provide it aliases, emails and phone numbers and it hunts down references across the internet, thereby saving you all the manual work.
- https://www.dehashed.com/ — This service is effectively dark web monitoring with alerting. As with Kanary, you can provide it with usernames, phone numbers and emails to track down.
The ‘Evil’ phishing scam that is beating MFA
We have seen a recent spike in attacks using the EvilProxy phishing kit which, worryingly, can get past one-time-code and push-based MFA. EvilProxy is an adversary-in-the-middle (AitM, often still called Man In The Middle or MITM) attack: the phishing page is a reverse proxy that sits between the victim and the real login page. The victim types their password and MFA code into what looks like the genuine site, the proxy forwards them to the real service in real time, and then captures the authenticated session cookie the service hands back. Because the criminals reuse that cookie rather than the one-time code, the MFA prompt has already been satisfied by the victim and the attacker walks straight into the account.
It’s fast becoming a real concern in the cyber security world and is even being advertised online as a readily available service for anyone looking to start a hacking campaign.
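The relay described above works against any MFA factor the victim can be persuaded to type or approve, which is why the usual advice is to move high-value accounts to origin-bound (FIDO2/WebAuthn) credentials. The following is an added example, not code from the newsletter or from any vendor, that shows in stdlib-only Python why a reverse-proxy page fails against such a credential: the browser, not the page, writes the origin it is really on into the signed clientDataJSON, so the relying party sees the proxy’s domain (or a broken signature if the proxy edits it). The domains, challenges and the HMAC stand-in for the credential’s asymmetric key are all constructed for illustration.

```python
from __future__ import annotations

import base64
import hashlib
import hmac
import json

# Added example: why an AitM/reverse-proxy login page cannot relay a
# WebAuthn assertion. Everything below is constructed for illustration.
RP_ORIGIN = "https://login.example.com"          # hypothetical real site
PHISH_ORIGIN = "https://login.example-com.test"   # hypothetical proxy site

# Stand-in for the credential key. Real WebAuthn uses an asymmetric key and
# the relying party verifies with the stored public key; HMAC keeps this
# example stdlib-only while preserving the "signature covers clientDataJSON"
# property that matters here.
CREDENTIAL_KEY = b"constructed-credential-secret"


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def browser_sign(challenge: bytes, origin: str) -> dict:
    """What the browser plus authenticator produce for a login on `origin`.
    The browser fills in `origin` from the page it is actually on; the page's
    JavaScript cannot override it, so a proxy page gets its own origin here."""
    client_data = json.dumps({
        "type": "webauthn.get",
        "challenge": b64url(challenge),
        "origin": origin,
    }).encode()
    auth_data = hashlib.sha256(RP_ORIGIN.encode()).digest()  # rpIdHash stand-in
    signed = auth_data + hashlib.sha256(client_data).digest()
    sig = hmac.new(CREDENTIAL_KEY, signed, hashlib.sha256).digest()
    return {"clientDataJSON": client_data, "authenticatorData": auth_data, "signature": sig}


def rp_verify(assertion: dict, issued_challenge: bytes) -> tuple[bool, str]:
    """Relying-party checks, in the order the WebAuthn spec performs them."""
    cd = json.loads(assertion["clientDataJSON"])
    if cd.get("type") != "webauthn.get":
        return False, "wrong ceremony type"
    if cd.get("challenge") != b64url(issued_challenge):
        return False, "challenge mismatch (replay?)"
    if cd.get("origin") != RP_ORIGIN:
        return False, f"origin mismatch: {cd.get('origin')}"
    signed = assertion["authenticatorData"] + hashlib.sha256(assertion["clientDataJSON"]).digest()
    expected = hmac.new(CREDENTIAL_KEY, signed, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, assertion["signature"]):
        return False, "bad signature"
    return True, "ok"


def legitimate_login() -> tuple[bool, str]:
    challenge = b"constructed-challenge-1"
    return rp_verify(browser_sign(challenge, RP_ORIGIN), challenge)


def proxied_login() -> tuple[bool, str]:
    """The proxy relays the real challenge to the victim and the victim's
    assertion back, exactly as it relays a password and OTP. The victim's
    browser was on PHISH_ORIGIN, and that is what gets signed."""
    challenge = b"constructed-challenge-2"
    return rp_verify(browser_sign(challenge, PHISH_ORIGIN), challenge)


def tampered_login() -> tuple[bool, str]:
    """The proxy rewrites the origin field before forwarding. The signature
    covers the original clientDataJSON bytes, so verification fails instead."""
    challenge = b"constructed-challenge-3"
    assertion = browser_sign(challenge, PHISH_ORIGIN)
    cd = json.loads(assertion["clientDataJSON"])
    cd["origin"] = RP_ORIGIN
    assertion = dict(assertion, clientDataJSON=json.dumps(cd).encode())
    return rp_verify(assertion, challenge)


if __name__ == "__main__":
    for name, fn in [("legitimate", legitimate_login), ("proxied", proxied_login), ("tampered", tampered_login)]:
        print(f"{name:>10}: {fn()}")
```

The same relay succeeds against a password plus SMS or authenticator-app code because nothing in those factors is bound to the site the user is looking at; that binding is the property to ask for when choosing MFA for admin and finance accounts.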
Our latest blog post takes a deep dive into this new attack strategy and also provides some vital security advice.
We’d like to reassure all our SOC clients that our engineers are constantly monitoring your systems for this and many other threats. If you still have any questions, do get in touch.
What we can learn from the PSNI data breach
A sobering reminder that data breaches within high-risk organisations can have implications even more serious than reputational and financial costs. Lives could be at stake.
In August 2023 a human error at the Police Service of Northern Ireland (PSNI) exposed the personal details of around 10,000 officers and staff. When answering a routine Freedom of Information request, a member of staff published a spreadsheet which, alongside the intended summary table, still contained a worksheet listing the surname, initials, rank or grade, location and department of every serving officer and employee.
The Northern Ireland Police Federation has warned that the breach could cause ‘incalculable damage’ and lead to employees being targeted by dissident republican paramilitary groups.
Catherine Geyman, our ISO 27001 auditor and data protection expert, says it’s vital for high-risk organisations to:
“Have appropriate checks and balances in place when releasing information to the public. Do not put your organisation’s reputation in the hands of an individual – there should be a sign-off process involving a second pair of eyes.”
Tools such as Microsoft Purview Data Loss Prevention can also help stop sensitive data leaving by accident, but only for the patterns they are configured to recognise. A release check should additionally inspect spreadsheets for hidden worksheets, comments and embedded source data before anything is published, and prefer exporting just the summary table as a fresh file.
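As an added example (not a tool from the newsletter or from Microsoft) of the kind of automated check that can back up the human sign-off, here is a stdlib-only Python script that opens an .xlsx file as the ZIP of XML parts it really is and reports every worksheet, its visibility and how many rows its declared range spans. The sample workbook it inspects is constructed inline and contains the failure pattern described above: a small visible summary tab plus a hidden tab holding bulk records. The row threshold is an assumption to tune per publication.

```python
import io
import re
import zipfile
import xml.etree.ElementTree as ET

# Added example: pre-release inspection of an .xlsx file. It reads the
# Office Open XML parts directly rather than trusting what is visible in
# the spreadsheet application. The sample workbook is constructed below.
NS_MAIN = "http://schemas.openxmlformats.org/spreadsheetml/2006/main"
NS_REL = "http://schemas.openxmlformats.org/officeDocument/2006/relationships"
NS_PKG = "http://schemas.openxmlformats.org/package/2006/relationships"


def rows_in_range(ref):
    """Rows spanned by a sheet's <dimension ref="A1:E10001"/> attribute."""
    m = re.fullmatch(r"[A-Z]+(\d+):[A-Z]+(\d+)", ref or "")
    if not m:                      # single cell or no dimension element
        return 1 if ref else 0
    return int(m.group(2)) - int(m.group(1)) + 1


def inspect_workbook(xlsx_bytes):
    """One record per worksheet, in workbook order, read from the XML parts."""
    with zipfile.ZipFile(io.BytesIO(xlsx_bytes)) as z:
        wb = ET.fromstring(z.read("xl/workbook.xml"))
        rels = ET.fromstring(z.read("xl/_rels/workbook.xml.rels"))
        targets = {r.get("Id"): r.get("Target")
                   for r in rels.iter(f"{{{NS_PKG}}}Relationship")}
        sheets = []
        for s in wb.iter(f"{{{NS_MAIN}}}sheet"):
            target = targets[s.get(f"{{{NS_REL}}}id")]
            part = target.lstrip("/") if target.startswith("/") else "xl/" + target
            ws = ET.fromstring(z.read(part))
            dim = ws.find(f"{{{NS_MAIN}}}dimension")
            ref = dim.get("ref") if dim is not None else None
            sheets.append({
                "name": s.get("name"),
                "state": s.get("state", "visible"),   # absent = visible; else hidden/veryHidden
                "range": ref,
                "rows": rows_in_range(ref),
            })
        return sheets


def release_blockers(sheets, max_rows=100):
    """Findings a second reviewer must clear explicitly before the file is
    released: any sheet that is not visible, and any sheet larger than a
    summary table should be. max_rows is an assumed threshold."""
    findings = []
    for s in sheets:
        if s["state"] != "visible":
            findings.append((s["name"], f"sheet is {s['state']}"))
        if s["rows"] > max_rows:
            findings.append((s["name"], f"{s['rows']} rows exceeds limit of {max_rows}"))
    return findings


def build_demo_xlsx():
    """Constructed minimal workbook: a visible six-row summary plus a hidden
    tab spanning 10,001 rows. Only the parts the inspector reads are written,
    so this is not a file a spreadsheet application would open cleanly."""
    workbook = (f'<?xml version="1.0" encoding="UTF-8"?>'
                f'<workbook xmlns="{NS_MAIN}" xmlns:r="{NS_REL}"><sheets>'
                f'<sheet name="Summary" sheetId="1" r:id="rId1"/>'
                f'<sheet name="Source data" sheetId="2" state="hidden" r:id="rId2"/>'
                f'</sheets></workbook>')
    rels = (f'<?xml version="1.0" encoding="UTF-8"?>'
            f'<Relationships xmlns="{NS_PKG}">'
            f'<Relationship Id="rId1" Type="ws" Target="worksheets/sheet1.xml"/>'
            f'<Relationship Id="rId2" Type="ws" Target="worksheets/sheet2.xml"/>'
            f'</Relationships>')

    def sheet(ref):
        return (f'<?xml version="1.0" encoding="UTF-8"?>'
                f'<worksheet xmlns="{NS_MAIN}"><dimension ref="{ref}"/>'
                f'<sheetData/></worksheet>')

    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("xl/workbook.xml", workbook)
        z.writestr("xl/_rels/workbook.xml.rels", rels)
        z.writestr("xl/worksheets/sheet1.xml", sheet("A1:C6"))
        z.writestr("xl/worksheets/sheet2.xml", sheet("A1:E10001"))
    return buf.getvalue()


if __name__ == "__main__":
    found = inspect_workbook(build_demo_xlsx())
    for s in found:
        print(f"{s['name']!r}: {s['state']}, range {s['range']}, {s['rows']} rows")
    for name, reason in release_blockers(found):
        print(f"BLOCK: {name}: {reason}")
```

Run it against a real file by replacing `build_demo_xlsx()` with the bytes of the spreadsheet about to be published; a library such as openpyxl gives the same sheet states and dimensions with less XML handling, but reading the package directly also catches cases where the file was produced by something other than Excel.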
‘ChatGPT, please create a powerful phishing campaign.’
OpenAI’s groundbreaking ChatGPT has opened the gates to a flood of AI programs that can help businesses in virtually every field.
But the AI race has also produced tools that serve cyber criminals and low-quality content generators alike. At the milder end of the spectrum are generic, mass-produced websites with little value, designed only to soak up stray ad revenue.
AI content farms are also behind scores of fake news websites and false reviews.
On the more serious end of the scale are cyber crime tools like WormGPT, which can help even low-skilled criminals send out highly convincing and personalised phishing emails as well as generate malicious code.
Ransomware pay-outs have escalated in 2023. But why?
Cryptocurrency ransomware payments tracked by blockchain-analysis firm Chainalysis reached almost $450m in the first six months of this year alone. It’s a sharp increase from 2022, when payments for the whole year didn’t reach $500m.
Researchers believe the increase is down to several factors. One is that in 2022 cyber criminals saw their takings slump because of stronger defences, freely available decryption tools and a global crackdown on ransomware groups.
They believe that ransomware criminals are becoming more audacious and aggressive this year to make up for last year’s shortfall. Recent high-profile cases include Capita, University of Manchester, The Guardian and Royal Mail.
Russia’s invasion of Ukraine is also seen as a big factor. Many ransomware groups are based in Russia and their operations are believed to have been affected by the war. It’s believed their ramped-up activity this year is making up for last year’s disruption.
Finally, further research found that the average UK ransomware payment, at $2.1m, tops the global average. High-earning companies are the most likely to be targeted and also the most likely to pay out.
Remember the NCSC advice: paying a ransom is never a good idea. There is no guarantee that you will get your systems or data back, the stolen data may still be leaked, and paying marks you out as a target for future attacks.
It gets worse… Capita hack clean-up cost rises to £25 million
The financial impact of the cyber attack on global outsourcing firm Capita is finally becoming clear.
The company is expecting to pay between £20m and £25m to cover the costs of the ‘cyber incident’. Initial estimates for the hack were between £15m-£20m.
Capita says the increased estimate was down to the need to analyse the stolen data, undertake recovery and remediation, and improve cyber security.
A message from your CEO. Or is it?
It’s a routine scam, but phishing emails purporting to come from a CEO or another member of the senior leadership team can still catch out untrained staff.
Our Senior Security Consultant Jake Ives has some detailed advice on how to spot fake CEO phishing scams.