data breach Archives - Cyber Secure Forum | Forum Events Ltd
Posts Tagged :

data breach

ContiLeaks: Ransomware gang suffers data breach

 960 640 Guest Post
By:
0
0

By Varonis

Conti, one of the most infamous, prolific and successful big game ransomware threats, has suffered yet another embarrassing leak with a treasure trove of both internal chat transcripts and source code being shared by a reported Ukrainian member.

Having previously had their internal manuals and tools exposed by a disgruntled affiliate in August 2021, these latest leaks appear to be in response to the group “officially announcing a full support of Russian government” [sic] and that they would respond to any attack, cyber or otherwise, against Russia with “all possible resources to strike back at the critical infrastructures of an enemy”.

Given that members of the group may themselves be Ukrainian or have close ties to the country, this warning likely inflamed tempers leading to both the warning being updated and these subsequent leaks.

Much as the previous leak allowed their toolsets to be analyzed and revealed common indicators of compromise (IOC), analysis of these recent data leaks and chat logs provides insights into how Conti, and likely other similar ransomware groups, coordinate and conduct their operations.

The outcome of these leaks remains to be seen; Conti and its members may be forced to disband or, as is often the case with ransomware groups, lay low for a period before rebranding and relaunching their operation.

Click here to finish reading the full blog post or visit the Varonis website here.

50% of UK universities have reported data breaches in last 12 months

 960 640 Stuart O'Brien
By:
0
0

More than half of UK universities reported a data breach to the ICO in the last year, while 46% of all university staff received no security training and almost a quarter of institutions (24%) did not commission a penetration test from a third party. 

That’s according to research conducted by Redscan on the state of cyber security in the higher education sector, based on an analysis of Freedom of Information requests.

The National Cyber Security Centre (NCSC) itself says universities are targeted by criminals seeking financial gain, as well as by nation state attackers looking to steal intellectual property. The Redscan report underscores the degree to which universities are an attractive target. It also raises concerns that many may not be doing enough to defend against the latest threats, particularly at a time when institutions are embracing remote teaching en masse and conducting world-changing research in relation to COVID-19. 

Defending against an incessant stream of phishing attacks remains a challenge of all universities, says Redscan. Several institutions reported receiving millions of spam/phishing emails each year, with one reporting a high of 130 million. Phishing attempts were described as being “endless” and one university disclosed that attacks had increased by 50% since 2019. 

Other key findings from the report include:

  • 54% of universities reported a data breach to the ICO in the last 12 months
  • A quarter of universities haven’t commissioned a pen test from an external provider in the last year
  • 46% of all university staff in the UK received no security training in the last year. One top Russell Group university has trained only 12% of its staff
  • Universities spend an average of £7,529 per year on security training, with expenditure ranging from £0 to £49,000
  • Universities employ, on average, three qualified cyber security professionals
  • 51% of universities are proactive in providing security training and information to students
  • 12% of universities do not offer any kind of security guidance, support or training at all to students
  • 66 out of 134 universities have Cyber Essentials or Cyber Essential Plus certification

Redscan CTO, Mark Nicholls, said: “UK universities are among the most well-respected learning and research centres globally, yet our analysis highlights inconsistencies in the approach institutions are taking to protect their staff, students and intellectual property against the latest cyber threats. 

“The fact that such a large number of universities don’t deliver cyber security training to staff and students, nor commission independent penetration testing, is concerning. These are foundational elements of every security program and key to helping prevent data breaches. 

“Even at this time of intense budgetary pressure, institutions need to ensure that their cyber security teams receive the support they need to defend against sophisticated adversaries. Breaches have the potential to seriously impact organisations’ reputation and funding.” 

“The threat posed to universities by nation state attackers makes the need for improvements even more critical. The cost of failing to protect scientific research is immeasurable.” 

How to manage, detect and respond to a data breach

 960 640 Guest Post
By:
0
0

Can you be 100% confident that your business has not been compromised?

How would you know if the attacker has not used malware or a virus that would be picked up by the perimeter defences?

Even when a compromise is identified, many companies aren’t sure what the next steps should be.

It is the speed with which a breach is detected, and the effectiveness with which it is remediated, that will provide the most value.

Learn how to manage, detect and respond to a data breach in Corvid’s latest blog:

https://www.corvid.co.uk/blog/how-to-manage-detect-respond-to-a-data-breach

NCSC outlines data breach roles

 960 640 Stuart O'Brien
By:
0
0

Data breach roles have been outlined to help victims of cyber incidents and form an improved approach between the UK’s technical authority for cyber threats and its independent authority for data protection. 

Speaking at the second day of the National Cyber Security Centre (NCSC) annual conference CYBERUK, Chief Executive Ciaran Martin and Information Commission Office (ICO) Deputy Commissioner James Dipple-Johnstone outlined the understanding between the organisations.

The NCSC manages cyber incidents of national importance to reduce harm caused to victims and to the UK, help with managing the response and learn lessons to help deter future attacks.

The ICO is the independent regulator for the monitoring and enforcement of the General Data Protection Regulation (GDPR) and the competent authority for Digital Service Providers under the NIS Directive, meaning breached organisations should notify them of incidents, cooperate and take remedial action.

Amongst the commitments outlined were a greater clarity of the separate roles and responsibilities each organisation has after a cyber incident, making it easier for a victim to deal with the right authority/organisation at the right time.

The NCSC outlined plans to engage directly with victims to understand the nature of the incident and provide free and confidential advice to help mitigate its impact in the immediate aftermath; encourage impacted organisations to meet their requirements under GDPR and the NIS Directive, while reassuring organisations that the NCSC will not share information reported to them on a confidential basis with the ICO without first seeking the consent of the organisation concerned and help the ICO expand their GDPR guidance as it relates to cyber incidents.

The ICO stated it would focus its early stage engagement to the vital steps required to help ensure impacted organisations mitigate risks to individuals and stand up an effective investigation and establish circumstances of the incident, making sure that organisations have adequately protected any personal data put at risk and in circumstances of high risk to individuals organisations have properly met their legal responsibilities.

Both organisation should share duties, including the sharing anonymised and aggregated information with each other to assist with their respective understanding of the risk and commit to amplify each other’s messages to promote consistent, high quality advice to ensure the UK is secure and resilient to cyber threats.

Discussing the roles outlined,NCSC Chief Executive Ciaran Martin said: “This framework will enable both organisations to best serve the UK during data breaches, while respecting each other’s remits and responsibilities.

“The development of this understanding is as a result of a constructive working relationship between our organisations, and we remain committed to an open dialogue on strategic issues.

“While it’s right that we work closely together, the NCSC will never pass specific information to a regulator without first seeking the consent of the victim.”

ICO Deputy Commissioner – Operations, James Dipple-Johnstone, said: “It’s important organisations understand what to expect if they suffer a cyber security breach.

“The NCSC has an important role to play in keeping UK organisation safe online, while our role reflects the impact cyber incidents have on the people whose personal data is lost, stolen or compromised.

“Organisations need to be clear on the legal requirements when to report these breaches to the ICO, and the potential implications, including sizeable fines, if these requirements aren’t followed.”

The NCSC will seek to forge similar enhanced clarity on its working relationship with law enforcement colleagues who are at the core of the response to malicious data breach incidents.

Brits ‘more likely’ to change spending habits after a data breach

 960 640 Stuart O'Brien
By:
0
0

The consequences of a data breach have a greater impact in the UK versus the United States, according to new data.

41% of British consumers said they will stop spending with a business or brand forever following a data breach, compared to just 21% of US consumers.  

The research into consumer trust and spending habits was conducted by payment security specialists PCI Pal, and pointed to some clear cultural differences between the two countries.

The survey found that 62% of American consumers would instead stop spending for several months following a security breach or hack, with 44% of British consumers agreeing the same. 

Over half (56%) of all UK respondents were more reticent to give credit card details verbally over the phone than their American counterparts where it was found that four out of every ten (42%) of US respondents were uncomfortable reading out their details.

US consumers were generally less accepting to provide payment details over the phone with only 15% saying they would “hand over their information, no questions asked”, compared to a quarter of UK consumers. Instead 38% of American’s would ask for an online alternative to complete a transaction, while 32% of Brits said they would “hang up and find an alternative supplier.”

“Awareness of data security is something that is on everyone’s radar, yet our UK and US surveys have highlighted some real differences of opinions and traits, when comparing attitudes to data and payment security between the two countries,” said James Barham, CEO at PCI Pal.

“UK consumers certainly seem more guarded with providing personal information, such as payment card details, over the phone, yet the US is catching up fast. Similarly, if a security breach has occurred at an organisation, Brits appear more likely to avoid that organisation in future, and instead go elsewhere. In my opinion, 2019 is the year that organisations need to take steps to provide far clearer assurances to consumers as to how their data is being captured, processed and stored otherwise customers are not going to wait, and they may find them going elsewhere for their purchase.”

Looking at trust in businesses and brands, 55% of UK respondents felt they could trust a local store with their data more than a national company. They felt a local store was more likely to care about their reputation (30%) and hackers were less likely to target a local store as it is smaller (25%) while only 22% felt a national company would be more secure as they follow more security protocols.

In stark contrast, the reverse was true in the US with only 47% of respondents feeling they could trust a local company more than a national chain. In fact, 28% felt a national company would be more secure as they follow more security protocols, while 25% felt they have more money to invest in security protocols. 

Almost a third (31%) of UK consumers stated that they would spend less with brands they perceive to have insecure data practices, compared to just 18% of US survey respondents.

Morrisons staff sue over data breach

 960 640 Stuart O'Brien
By:
0
0

Grocery giant Morrisons is being sured by thousands of current and former employees in a class action over damages brought about from a data leak.

The case at London’s High Court follows a breach of security in 2014, when a former senior internal auditor, Andrew Skelton, working at the retailer’s Bradford HQ, posted the payroll information of nearly 100,000 employees on the internet.

The information included bank, salary and national insurance details, phone numbers and addresses.

Skelton was found to bore a grudge against  Morrisons and was jailed for eight years in 2015 fro fraud, securing unauthorised access to computer material and disclosing personal data.

The new case is being viewed as the first data leek class action in the UK, with legal experts agreeing that the case has potential implications for every individual and business in the country.

The trial is concerned with the use of liability, involving claims brought by 5,518 current and former Morris’s staff, who allege the company failed to prevent the leek.

The claimants also allege that the data leek exposed them to identity theft and potential financial loss, with Morrisons responsible for breaches of privacy confidence and data protection laws.

The lawsuit is being brought bylaw firm JMW Solicitors.

Discussing the case, Nick McAleenan, partner at JMW Solicitors said: “The court will decide whether Morrisons bears any legal responsibility for the misuse and disclosure of the payroll information of the many thousands of people bringing claims in this case.”

Morrisons denies liability.

Retailer CeX suffers data hack

 960 640 Stuart O'Brien
By:
0
0

Tech trade-in retailer CeX has suffered a data breach, which could affect top to two million of its registered website customers.

In an email to its customers, managing director David Mullins said it was investigating the breach “as a priority” and that they would be “taking a number of measures to prevent this from happening again.”

It is believed that the breach was a result of an unauthorised third party accessing CeX’s computer systems, with customer information including names, addresses, email details and phone numbers compromised.

The email by Mullins also stated that for “a small number of customers” the breach may also extend to encrypted data from expired credit cards up to 2009, although it was unlikely any payment information was taken as CeX ceased storing customer cards in 2009.

CeX is currently contacting two million of its registered website customers.

“We are taking this extremely seriously and want to provide you with details of the situation and how it might affect you,” Mullins said in the email.

“This was a sophisticated breach of security and we are working closely with the relevant authorities to help establish who was responsible. Our cyber security specialists have already put in place additional advanced measures to fix the problem and prevent this from happening again.”

CeX is asking all customers to change passwords for its Webuy online account.

“Although your password has not been stored in plain text, if it is not particularly complex then it is possible that in time, a third party could still determine your original password and could attempt to use it across other, unrelated services,” the email said. “As such, as a precautionary measure, we advise customers to change their password across other services where they may have re-used their WeBuy website password.

“We take the protection of customer data extremely seriously and have always had a robust security programme in place which we continually reviewed and updated to meet the latest online threats. Clearly however, additional measures were required to prevent such a sophisticated breach occurring and we have therefore employed a cyber security specialist to review our processes. Together we have implemented additional advanced measures of security to prevent this from happening again.”

The £1m cost of a data security breach

 960 640 Stuart O'Brien
By:
0
0

A new report by NTT Security has revealed that a UK business will spend more than  £1 million recovering from a data security breach.

The study of 1,350 non-IT business decision makers across 11 countries, 200 of which are from the UK, also reveals that respondents anticipate it would take, on average, almost three months (80 days) to recover from an attack, almost a week longer than the global average of 74 days. UK respondents also predict a significant impact of their organisation’s revenue, suggesting as much as a 9.5 per cent drop, which fares slightly better than the global average of nearly 10 per cent.

In the UK, business decision makers expect a data breach to cause short-term financial losses, as well as affect the organisation’s long-term ability to do business. More than two-thirds (64 per cent) cite loss of customer confidence, damage to reputation (67 per cent) and financial loss (44 per cent), while one in 10 anticipate staff losses, and nine per cent expect senior executives to resign following a security incident.

Some 63 per cent of respondents in the UK ‘agree’ that a data breach is inevitable at some point, up from the previous report’s UK figure of 57 per cent.

“Companies are absolutely right to worry about the financial impact of a data breach – both in terms of short-term financial losses and long-term brand and reputational damage,” said Linda McCormack, vice president UK & Ireland at NTT Security.

“Although this year’s £1.1m figure is slightly down on last year’s report (£1.2m), no company, regardless of its size, sector or focus, can afford to ignore the consequences of what are increasingly sophisticated and targeted security attacks, like the widespread and damaging ransomware attack we recently witnessed.“

A full copy of the 2017 Risk:Value report can be found here.