Cyber_Bytes - Issue 44

Published on 26 August 2022

Welcome to Cyber_Bytes, our regular round-up of key developments in cyber, tech and evolving risks.

Suspected Russian cyber attack on British soil as firm subjected to ‘daily’ hacks

The National Cyber Security Centre (NCSC) and the police have been investigating a series of attacks attempting to take down a London-based cryptocurrency exchange, Currency.com. The attack involved coercing millions of computers worldwide to bombard the company's website with numerous requests in a bid to crash its systems.

The attack commenced within hours of Currency.com founder's announcement that he was pulling the company out of Russia following Russia's invasion of Ukraine. This is believed to be the first suspected Russian war-linked cyber attack on a UK company.

The NCSC believes that the attack has not been orchestrated by the Kremlin, but instead is likely to have been carried out by criminals who are possibly Russian in origin. Evaluation by Currency.com suggests that between 18 and 32 percent of the attacks stemmed from Russia and Belarus.

The attack follows warnings by Liz Truss, the Foreign Secretary, of “significant consequences on normal people and businesses in Ukraine and across Europe”, with a further announcement from the NCSC reiterating that organisations should follow their guidance on protecting themselves against attacks of this nature (see here).

Click here to read the full article as published by VTL News.

Five things we learned from DPPC 2022

More than 3000 data protection professionals from across the country attended this year's Data Protection Practitioners' Conference. The key takeaways include:

  • Training materials for business and organisations: John Edwards has highlighted the publication of the ICO information governance and legislation training modules, which it provides to its staff as part of its internal training. He has encouraged organisations and staff to take a look at these materials in the coming weeks to improve their data protection and information rights expertise.
  • Privacy professionals: John Edwards has reiterated the importance of data protection professionals' role within organisations, adding that the ICO could take further steps to connect DPOs with other members of the community to pool expertise and experience.
  • Safeguarding children: it is imperative that businesses and organisations have the confidence and know-how to share data in circumstances where this would safeguard children and young people.
  • Personal data and equality in a digital age: the key issue of how data protection sits alongside inequality was also considered, particularly in the context of supporting organisations to make good decisions about collecting good-quality data to address this. For example, artificial intelligence, if poorly implemented, can perpetuate biases as the processes rely on existing data which may already be entrenched with inequality.
  • The future of data protection reform: the UK Government's introduction of the new Data Protection and Digital Information Bill to Parliament is believed to strike a good balance between reducing regulatory burdens on businesses and recognising the value of rigorous data protection.

Click here to read the full article as published by the ICO.

Cyber attack targets IT firm used by Northern Ireland's health service

Health officials in Northern Ireland have disabled the health system's access to services provided by an NHS IT supplier, Advanced, after a cyber-attack caused a significant outage across the NHS computer system. The cyber criminals are suspected to have made demands for payments in exchange for not leaking information and removing the malware. The perpetrators are understood to be independent cybercriminals rather than being state-sponsored.

Advanced offers digital services to patients, including patient records, emergency prescriptions and support for NHS 111. It also provides the IT system that supports finance, procurement and logistics across Northern Ireland's health and social services. As such, there were concerns that the threat actors could have gained access to confidential health records, including mental health records, and leak them if the ransom demands were not met.

The Department of Health confirmed that "contingency measures" had been put in place following the attack. As of yet, there is no direct effect on services, including payroll and patient records; however, access was shut off as a precaution and to avoid exposing other critical systems to a risk of attack. At this stage, the incident could take weeks or months to be fully resolved.

Click here to read the BBC's full article and here to read the Guardian's full article on this news.

Microsoft warns about SEABORGIUM phishing attack that befriends you first to rob you later

The Microsoft Threat Intelligence Centre (MSTIC) has released a warning about a highly persistent phishing campaign known as "SEABORGIUM". Despite this campaign having existed since at least 2017, Microsoft believes that it has now collated sufficient information on SEABORGIUM and its operation in practice to publish detailed guidance describing the ways in which potential victims can protect themselves against it.

Typically, the threat actors involved in SEABORGIUM initiate an attack by observing their potential targets through the use of fake social media profiles. In addition to this, email addresses are often set up to impersonate real individuals in order to contact their victims, gain trust, and develop rapport.

If the target replies, SEABORGIUM proceeds to send a weaponized email, with the malicious website links inserted directly into the body of the email or via email attachments. These links in turn direct the target to a phishing portal mirroring the sign-in page for a genuine provider and invite them to insert their login information. In this way, SEABORGIUM is able to intercept any credentials.

SEABORGIUM has been observed to use stolen credentials to sign directly into victims' email accounts. Once they have gained access, the threat actors are then able to exfiltrate emails and attachments from inboxes, set up forwarding rules to accounts where the threat actors have long-term access to collected data and using fake accounts to communicate with people of interest attempting to gain access to sensitive information.

Click here to read Microsoft's full article and here to read  Neowin's full article on this news.

Bad for Privacy, but Great for Security: Apple AirTag Used to Identify Airport Staff Thief

An air traveller used an Apple AirTag to locate her missing luggage, which resulted in the arrest of an airline worker with over $16,000 worth of luggage recovered. The introduction of tracking devices such as the Apple AirTag enable users to track the position of their possessions in real time.

Unlike a typical tracker which may use GPS signal to identify location, AirTags use a combination of Bluetooth and UWB that can be picked up by other UWB-supporting Apple products (such as iPhones, iPads, and MacBooks). Once an AirTag has been picked up by another Apple device, the location details are streamed to the iCloud so that the device's owner can identify where their AirTag is.

Although Apple AirTags have shown themselves to be a useful tool in certain circumstances, their tracking ability has raised considerable privacy and security concerns. There have been various reports of people discovering AirTags in their bags, cars, and other possessions without their knowledge, which has many worried that criminals are using them to track valuable targets.

Click here to read the full article as published by Electropages.

Stay connected and subscribe to our latest insights and views 

Subscribe Here