Driven by the widespread issue of ransomware, more than 1 billion records were breached in April 2021, across more than 140 separate incidents. Ransomware currently accounts for roughly 1 in every 3 data breach incidents, so much so that UK authorities are encouraging people to start reporting the incidents to the police rather than paying the ransom to help limit the lucrativeness of this type of programme. During the month, there have been all sorts of incidents affecting UK businesses, including:

Think before you link

A warning from MI5 is encouraging people to think before they make connections on LinkedIn, after identifying that nation state threat actors are using fake profiles to target UK users. The intention seems to be to recruit users to a cause, and/or to gather sensitive information. The report reveals that more than 10,000 staff from UK Government departments and major industries have been taken in by the fake accounts. You can see more information and view the informational video on the Centre for the Protection of National Infrastructure website here… 

Ransomware Task Force releases framework to combat ransomware wave

The Ransomware Task Force brings together international organisations including the National Centre for Cyber Security, and the FBI for example, with private organisations including Microsoft, to develop strategies and solutions to combat ransomware. The group has released a 48 strategy framework to combat the problem, published in an 80-page report which highlights that “It will take nothing less than our total collective effort to mitigate the ransomware scourge.” The strategies include designating ransomware as a threat to national security, increasing the regulation of cryptocurrency, and launching a recovery fund to support victims to overcome the problem rather than pay the ransom. You can view the framework and top five priorities here…

Poor password hygiene

Tut tut! It seems like us Brits are still poor at password protection! According to National Cyber Security Centre:
☠️ 6% of us still use ‘password’ in our password
☠️ 15% of us use a pet’s name
☠️ 14% use a family member’s name
☠️ 13% use a notable date
☠️ 6% use a string of letters or numbers e.g. 123456
☠️ 5% use a favourite TV show.

Not only are these top of the list for hackers to guess your password, but they may also be in use in your business infrastructure if you let your team members set their own passwords! It’s time for a rethink of the password strategy, to make sure your business systems aren’t easily compromised.

Ransomware on the rise and costing more and more

According to research by Kapersky, last year:
☠️ 46% of businesses affected by ransomware, paid ransoms to extortionists, and 11% of those that did, didn’t regain access to their files
☠️ Only 18% of businesses were able to fully restore their systems after an attack, whether they paid the ransom or not
☠️ 50% lost at least some files, 32% lost a significant amount, 18% lost a small number of files and 13% lost almost all their data.

Meanwhile, the cost of ransomware incidents is rising, and so too is the issue of ‘double extortion’ where hackers seek first to extort money to return your files, and second seek to extort money by threating to email your contacts. Last year:

💰 Average ransom payments were just over $115k in 2019, rising to more than $312k in 2020
💰 The highest ransom paid doubled: $10 million in 2020 compared with $5 million in 2019
💰 The highest ransom request rose from $15 million in 2019 to $30 million in 2020
💰 2020 saw a huge rise in double extortion with criminals encrypting data and demanding a ransom, then stealing files and demanding a second ransom!

Facebook faces mass legal action over data breach

Despite claims that the data is old, and that the breach was revealed when it happened back in 2019, Facebook may now face mass legal action over more than 530million breached files, with a digital privacy group is preparing to take a case to the Irish courts on behalf of EU citizens affected. Facebook denies any wrongdoing, highlighting that the data was ‘scraped’ from publicly available information on people’s profiles, but the data has recently resurfaced online for anyone to access, and features a wealth of personal information, much of which has not changed. You can check if your phone number or email address were compromised, using the Have I Been Pwned website…

Software glitch may be responsible for HMRC data breach

Apparently, thousands of late penalty notices were issued to individuals and agents, containing information and data that was not meant for them or their clients. The notices were received by post, and were mostly received within envelopes that also contained the correct notice as well. HMRC advises that the problem was due to a software issue and the underlying cause is thought to be linked to inadequate testing. Nearly 18,500 individual records were breached and just under 15,500 agents received these notices. Agents are being asked to confidentially destroy the notices, or return them to HMRC for processing, while HMRC investigates in the meantime.

DHL scam text messages target millions of Brits

Millions of Brits have received a fake text message, purporting to be from DHL, with the message “DHL: Your parcel is arriving, track here”. The link then prompts the download and installation of the spyware “flubot” which has been designed to steal banking information from android devices. This is another important reminder to think before you click and make sure the link is one you trust, and one that you expect!

University of Portsmouth closes campus after ransomware attack

During the Easter break, the University of Portsmouth was forced to close its campus, and warn onsite staff not to logon to the network, after the IT systems suffered a major ransomware attack. The investigation remains ongoing.

Merseyrail identifies cyberattack after hackers use their email system to notify journalists of the hack

After what looks like an attack of Lockbit ransomware, Merseyrail, who operate trains around Liverpool on the UK rail network, has launched an investigation. Reportedly, journalists received emails direct from the Merseyrail network, including from its Director.

Israel claims credit for cyberattack on Iran nuclear facility

Just hours after the centrifuges were started at the Natanz reactor, it was shut down again, reportedly after a nation state attack from Israel. Iran has since warned of retaliation after the attack interrupted what was intended as a ‘pivotal moment’ in the country’s nuclear programme.