After a bumper 2021, filled with data breaches, ransomware, cybersecurity flaws, and massive incidents, but also leaps forward in cybersecurity training, defences, and awareness, we could only hope that 2022 would offer a promising start. Unfortunately, breach trends continue, led by dedicated hacking attacks, rife ransomware, and businesses and individuals who are still neglecting even the basic cybersecurity principles. In total, there were 95 disclosed security incidents in January 2022, resulting in 65,984,648 compromised records.
Ransomware attack shuts down thousands of school websites
FinalSite, a leading school website services provider, has suffered a ransomware attack, disrupting access to websites for thousands of schools worldwide. On 4 January, the website of any school district that used FinalSite was no longer reachable or was displaying error messages. At the time, FinalSite did not disclose that it had suffered an attack and simply said it was experiencing errors and performance issues. Schools had to send apology emails about the outage, as they were not getting any answers from FinalSite.
After three days of disruption, FinalSite confirmed today that a ransomware attack on its network was causing the outages. Investigations are ongoing, but it is thought that no personal data has been compromised and that the only impact was the interruption of the websites of all schools involved. FinalSite also suffered a big ransomware attack last year, so it has now said it is investigating ways to improve its systems and will monitor its network 24 hours a day, 7 days a week.
Hospital suffers big IT data loss
The Sandwell and West Birmingham Hospitals NHS Trust experienced a ‘significant IT data loss incident’ resulting in huge disruption. It is believed the data loss occurred in December 2021 and affected over 20 systems across the Trust, which runs Birmingham City Hospital, Rowley Regis Hospital, and Sandwell General Hospital. Richard Beeken, the Trust’s chief executive, says some eye patients were affected, with some operations and procedures being postponed ‘on assessment of clinical risk’. He also explained that they were “working to recover all historic images and patient contact details.” It is thought that the incident was caused when a ‘recommended update’ prompt popped up on a computer screen and someone accepted it. Investigations are still ongoing to determine whether this was a cyber-attack.
Another secondary school data breach in the northwest
Parents of children at the Whitby High School in Ellesmere Port are being warned over a suspected data breach at their children’s school. Hundreds of parents reported that they had received a scam email in the week commencing 17 January 2022 from a sender pretending to be from the school. The emails were sent to parents and guardians of current and former pupils at the school, and contained a link which they were asked to follow. The school is currently investigating the data breach and the source of the emails. Parents are being asked not to open any link or email that does not look like an official school email.
There has been a significant rise in the number of data breaches in secondary schools in the northwest over the past few months. In recent weeks, mums on a Facebook group have been discussing whether a wider investigation is needed and whether there is a link between them all. The police are discussing whether further action is required.
Covid test data breach at Worcestershire school
A mix-up at a school in Worcestershire caused parents to receive the COVID-19 test results of other people’s children. The data breach was reported by a secondary school and sixth form college, The De Montfort School in Evesham. Returning from their Christmas holidays, students began asymptomatic testing once again at school, and the incident has been described as a “human error” on the IT system. The headteacher at The De Montfort School, Ruth Allen, confirmed that the data breach had taken place while the test results were being uploaded to the school’s network. The incident involved the personal data of students and some teaching staff. The school has investigated what happened and the incident was reported to the Information Commissioner’s Office. Parents are being advised that if they were sent another child’s personal data, they should delete it and not keep it.
Gloucester City Council’s cyber attack linked to Russian hackers
A cyberattack that hit Gloucester City Council on 20 December 2021 has now been linked to the work of Russian hackers. The affected Council services are still being repaired, including the online revenue and benefits system, planning department, and customer service. The Council has been working closely with the National Crime Agency and the National Cyber Security Centre to understand what, why, and how the attack happened, and its ongoing effects.
According to the latest update, the malware made its way into the local authority’s system, embedded in an email which had been sent to a Council officer. The harmful software, known as sleeper malware, is understood to have been dormant for some time before it was activated. Other local authorities and government agencies are currently blocking the Council’s emails and online application forms used to claim for housing benefit, council tax support, test and trace support payments, and discretionary housing payments, and several other services have been delayed or are unavailable. Residents have been asked to contact the Council via email instead.
39 million patient records leaked in Thai hospital
At the beginning of the month, it was alleged that around 39 million patient records from Siriraj Hospital and nearby Siriraj Piyamaharajkarun Hospital, both in Bangkok, Thailand, were put on sale on an online database-sharing site. The authorities are still investigating the attack. The data supposedly comprises names, addresses, Thai ID numbers, phone numbers, gender, and dates of birth, according to reports.
This is just the latest in a growing number of attacks on the public health sector in Thailand. Most local hospitals still have no cybersecurity teams or chief information security officers who can monitor threats.
Red Cross Hit with Cyber Attack
The Red Cross was hit with a cyber-attack in the week commencing 17 January 2022, in which the personal data of more than 515,000 highly vulnerable people was compromised. The data originated from at least 60 Red Cross and Red Crescent National Societies around the world. The Red Cross was extremely concerned following this attack about the potential risks, such as the confidential information of the vulnerable being shared publicly. A Red Cross spokesperson has said that they still do not know who is responsible for the attack and an investigation is underway.
Hackers threaten to leak data from France’s Justice Ministry
Hackers within the ransomware gang Lockbit 2.0 have claimed that they hacked into the French Justice Ministry on 27 January 2022. It is reported that if the ransom is not paid by 10 February 2022, the stolen data will be published. According to the hackers’ blog, 9,859 records are ready to be leaked and their website displays a countdown. The Justice Ministry has told the French press that it is “immediately organised to carry out the necessary checks in conjunction with the competent services in this area.” It has been confirmed that the ministry’s IT services detected the technical traces of an intrusion; however, the extent of the attack, the nature of the documents stolen, and the ransom amount remain unknown for now.
Lockbit 2.0 has claimed several hacks in France in January, and in particular ransomware attacks, with local authorities and hospitals the primary victims of these attacks. Compared to the 2019 French cyber report, the new 2021 report says that ransomware attacks in France have nearly doubled since 2019.
DatPiff hit with huge data breach affecting millions
DatPiff is a popular mixtape hosting service used by over 15 million users, allowing unregistered users to download or upload samples for free. It has been revealed that it has suffered a big data breach, with almost 7.5 million members’ passwords sold online. The stolen data includes the user’s email address, password, username, and security question. It is not known exactly when the incident occurred, but the DatPiff database was first sold privately, and then publicly, on hacking forums in July 2020. Researchers believe the breach happened because the database and systems are old and were therefore easy to hack. It is important to keep systems up to date.
DatPiff account holders are being advised by researchers to reset their passwords and to use one that is unique and strong. DatPiff has yet to comment on the situation and has not sent any notice to users, nor has it forced a password reset.
One of the biggest concerns in these types of attacks is the ensuing breaches carried out with the data. ID fraud, brute force attacks, and account compromises can all often be traced back to an original data breach, simply because users utilise the same or similar passwords across multiple websites.
FlexBooker discloses data breach
More than three million user accounts of the US-based FlexBooker appointment scheduling service have been stolen in an attack and were being traded on hacker forums. The incident occurred on 23 December 2021 but was disclosed in January. A group calling itself Uawrongteam has claimed the attack and shared links to archives and files with sensitive information, such as photos, drivers’ licenses, and other IDs. It is believed the stolen database contains a table with 10 million lines of customer information, including payment forms, driver license photos, names, emails, phone numbers, and passwords. FlexBooker has sent a data breach notification to customers, confirming the attack and stating that the attackers accessed and stole data on the service’s Amazon cloud storage system.