Cyber Security Roundup for June 2021 | #cybersecurity | #cyberattack


   

A roundup of UK focused Cyber and Information Security News, Blog Posts, Reports and general Threat Intelligence from the previous calendar month, May 2021.

UK Smarties Cities Cybersecurity Warning

The UK National Cyber Security Centre (NCSC) published its Smart Cities (connected places) guidance for UK local authorities. NCSC warned UK Smart Cities will be highly targeted by hackers, and as such, councils need to ensure they are properly prepared as they rollout increasingly connected and technology-reliant infrastructure. The NCSC said critical public services must be protected from disruption, while sensitive data also needs to be secured from being stolen in large volumes. Smart cities and connected rural environments promise a host of benefits for UK society, for instance, sensors will monitor pollution, real-time information on parking spaces, while cameras will track congestion and smartly manage traffic flow. However, another concern is the large volumes of personal information that will likely be collected by smart cities technology, which could erode privacy by allowing citizens to be tracked in greater detail than ever, or could be stolen by criminals or hostile states.
The NCSC’s technical director, Dr Ian Levy, referred to Hollywood depictions of cyber-attacks on critical city infrastructure. He picked out the 1969 classic movie ‘The Italian Job‘, where a computer professor switches magnetic storage tapes running traffic in the Italian city of Turin, which causes utter gridlock, enabling a haul of gold to be stolen by mini cars weaving through the traffic chaos. A similar ‘gridlock’ attack on a 21st-century city would have catastrophic impacts on the people who live and work there, and criminals wouldn’t likely need physical access to the traffic control system to do it” Dr Levy warns in a blog.

Is your Home Router a Security Risk?

Use of weak passwords was a common theme with the investigation, which concluded:

  • weak default passwords cyber-criminals could hack were found on most of the routers
  • a lack of firmware updates, important for security and performance
  • a network vulnerability with EE’s Brightbox 2, which could give a hacker full control of the device

The routers found lacking in security updates included:

  • Sky SR101 and SR102
  • Virgin Media Super Hub and Super Hub 2
  • TalkTalk HG635, HG523a, and HG533

Which? computing editor Kate Bevan said that a proposed UK Smart Device legislation which would ban default passwords on routers “can’t come soon enough. Internet service providers should be much clearer about how many customers are using outdated routers and encourage people to update devices that pose security risks“.

Eight Arrested in UK Smishing Fraud Bust

Eight UK men were arrested in an investigation into scam text messages. These scam text messages are known as “smishing” within the security industry, where text messages entice victims with a web link to either malware or malicious website, in a bid to steal personal data or bank details or to have the victim make a bogus payment. The suspects, in this case, were allegedly involved in sending fake messages posing as the Royal Mail, asking people to pay a fee to retrieve a parcel.

Colonial Pipeline DarkSide Ransomware Attack

A Russian cybercriminal group called DarkSide was said to be behind a devasting ransomware cyberattack that shut down a major fuel pipeline in the United States for several days. The cyberattack took down Colonial Pipeline’s IT systems which manage a 5,500-mile pipeline network that moves some 2.5 million barrels of fuel a day from the Gulf of Mexico coast up through to New York state.  The cyberattack dominated media headlines in the United States, with US drivers warned not to panic buy petrol amid shortages in eastern states. DarkSide released a statement following the publicity, stated didn’t intend to take the pipeline offline – “Our goal is to make money and not creating problems for society“. CNN, the New York Times, Bloomberg and the Wall Street Journal all reported Colonial Pipeline paid $5 (£3.6) million in Bitcoin to Darkside. 

It was reported DarkSide had made at least $90m in ransom payments from about 47 other victims according to Bitcoin records. DarkSide is one of at least a dozen prolific ransomware gangs making vast profits from holding companies, schools, governments and hospitals to ransom.

Conti Ransomware takes down Ireland’s Health Service

Conti typically steals victims’ files and encrypts the servers and workstations in an effort to force a ransom payment from the victim. If the ransom is not paid, the stolen data is sold or published to a public site controlled by the Conti actors.  The FBI issued a warning in the United States about the Conti gang targeting at least 16 healthcare networks there. More than 400 organisations have been targeted by Conti worldwide.

More Big Data Breaches

BLOG

VULNERABILITIES AND SECURITY UPDATES

AWARENESS, EDUCATION AND THREAT INTELLIGENCE

*** This is a Security Bloggers Network syndicated blog from IT Security Expert Blog authored by SecurityExpert. Read the original post at: http://feedproxy.google.com/~r/securityexpert/~3/x8NVgQY6NcQ/cyber-security-roundup-for-june-2021.html



Original Source link

Leave a Reply

Your email address will not be published. Required fields are marked *

fourteen − = six