Stay one step ahead of cyber criminals with our regular news and tips
What’s the connection between Russian military intelligence, the Chinese government and a 17-year-old from Walsall?
The answer is they all posed a significant cyber threat to UK organisations recently.
For us, the sheer randomness and variety of threats out there only further reinforces the importance of Zero Trust. This fundamental of cyber security does what it says on the tin – encourages us to suspect every user, device or network until properly verified.
If Zero Trust isn’t at the heart of your cyber security strategy, we’d encourage you to investigate the fundamental principles of this approach.
It’s the rational response to existential threats from China, Russia, hostile teenagers… we could go on.
UK transport network hit by cyber attacks
It’s been a testing time for UK transport with two cyber incidents grabbing the headlines this month.
In the most recent, 19 Network Rail stations were targeted via a Wi-Fi hack with Islamophobic intent. When commuters tried to log into the train Wi-Fi networks, they were redirected to a webpage featuring a message about terror attacks.
Third-party service provider Telent, which provides Wi-Fi services to Network Rail, has confirmed that the hack was an act of ‘cyber vandalism’ committed by an employee of Global Reach, another third-party internet provider in Telent’s supply chain.
British Transport Police have arrested an employee of Global Reach in connection with the case.
Earlier in the month came the TfL cyber attack, where customer details including Oyster card refund data and bank details of roughly 5,000 commuters were reportedly stolen. As a result of the hack, TfL has asked more than 30,000 employees to attend in-person appointments to verify their identities and reset passwords.
The National Crime Agency has revealed that it questioned a 17-year-old from Walsall in connection with the attack.
From Russia, not with love: digital sabotage exposed for the first time
The UK government along with American and European allies has uncovered a Russian military intelligence unit suspected of carrying out cyber warfare against government and critical infrastructure organisations around the world.
The National Cyber Security Centre (NCSC) and agencies in America and Europe have uncovered tactics used by Unit 29155 of the Russian GRU (the military intelligence service). This unit is believed to be responsible for cyber espionage, sabotage and reputational harm offensives against several governments. It’s the first time that the UK has officially named and shamed Unit 29155, which is believed to have been carrying out these activities since at least 2020.
Businesses have been advised to follow specific recommendations such as:
Enabling MFA for all critical accounts, VPNs and webmail
Prioritising routine system updates and patching known exploited vulnerabilities
Segregating networks to stop the spread of attacks
Government warns business of Chinese cyber attacks
Close on the heels of the Russian warning comes another call from the NCSC, this time about China. UK businesses have been alerted to protect their devices from Chinese botnet attacks.
The NCSC, along with its allies in the US, Australia, Canada and New Zealand, has warned of the existence of more than 260,000 compromised devices around the globe that are under the control of the Chinese government.
It’s believed that a Chinese firm with close ties to the government controls a large network of internet-connected devices that have been riddled with malware. These could be used to carry out distributed denial-of-service (DDoS) attacks, where websites could be forced offline, or spread malware at scale. Devices at risk include routers, webcams, CCTV cameras and other IoT (internet of things) devices.
There’s a particular threat to older equipment using out-of-date security measures.
Now that’s poor service!
Thousands of enterprise organisations using the ServiceNow platform may have been hit by a data leak.
ServiceNow is a US software company that provides cloud-based workflow management for its corporate clients. The software includes a suite of tools covering IT services, HR tasks, customer service management and a knowledge base for internal systems.
Researchers from security firm AppOmni revealed this month that mistakes made by ServiceNow in configuring enterprise instances meant that its corporate clients’ knowledge base (KB) articles containing sensitive information were exposed to external users and potentially to threat actors.
The exposed KB articles are a library of resources for internal users and processes.
Exposed information includes sensitive corporate information such as personal data and credentials to live production systems.
Affected organisations have been asked to apply internet protocol (IP) address restrictions for inbound traffic, disable public widgets, or further tighten their access control lists.