Here are the top stories from December that you might have missed amidst all the festive cheer…
As a very strange year drew to a close, cybercriminals didn’t let up and December recorded more than 148 million individual data records breached, bringing the total for 2020 to more than 20 billion records.
Attack via SolarWinds one of the biggest of all time
At some point between March and June last year, SolarWinds IT was compromised, with hackers inserting dormant code into a future software update version. The organisation, which supports businesses with their IT infrastructure, has clients including the Pentagon, US intelligence agencies, nuclear labs, the Commerce, Justice, Treasury and Homeland Security departments and several utilities businesses for example. In all, more than 18,000 businesses across 19 countries (including the UK), have downloaded an infected version of the software, which creates a ‘back door’ vulnerability for hackers to gain access to entire IT systems. So far, around 50 of these businesses are believed to have had the vulnerability exploited, including many US State organisations.
McAfee report highlights the 2020 cost of cybercrime
According to their new report, more than $1 trillion was lost to cybercrime between 2018 and 2020. Of this, direct monetary losses were estimated at $945 billion, with cybersecurity spending accounting for the remainder. Compared with the previous report for the two years to 2018, this represents a more than 50% increase in the societal cost of cybercrime, in just two years. Perhaps even more staggeringly, the report also highlights a lack of preparedness by businesses, with more than half of the businesses surveyed saying they had no plans in place to prevent or handle a cyber incident, and of those who do have a plan, only 32% said they feel that the plan is actually effective.
Avast discovers more than 3 million devices have been infected with malware via Chrome and Edge extensions
Antivirus security provider Avast has discovered a number of apps and extensions available for the Google Chrome and Microsoft Edge browsers, which have and continue to infect user PCs with malware without their knowledge. It seems the purpose of the malware, which includes the ability to capture personal user information and redirect users to other websites, is to monetise the traffic itself so that the hackers can earn money from the user activity. Unfortunately, the malware often lies dormant for several days, making it exceedingly difficult to detect, and reports highlight that potentially it has been operating as far back as 2018, now affecting millions of devices. Avast has contacted both Google and Microsoft to alert them to the issue, but in the meantime is recommending that users disable and remove the extensions to protect themselves going forward. A full list of the 28 extensions is available here on the Avast website…
Plastic Surgery Group has client photos stolen
Amidst all the Brexit and COVID reporting, one major story to hit the UK headlines was news that ‘The Hospital Group’ has had data compromised in a ransomware attack. The plastic surgery provider, who boasts many celebrity clients, was attacked by hackers as part of a cyber-extortion gig, with hackers threatening to release ‘before’ and ‘after’ photos of clients of the group.
Spotify resets user passwords
Spotify was forced to reset user passwords after a security firm alerted them to a leaky database, potentially affecting more than 350,000 user records. The discovery was made by vpnMentor, who found an ‘Elasticsearch’ database with more than 380 million records, of which 350,000 had been verified against the Spotify database. It is believed to be part of a ‘credential stuffing’ fraud scam, where hackers take advantage of weak passwords that users often use repeatedly for their various logins.
People’s Energy has 100% of customer data compromised
All 270,000 customers of People’s Energy have been contacted to advise that their data has been stolen as part of a sophisticated attack. The entire database was stolen, including the details of previous customers, with records including names, addresses, dates of birth, phone numbers, tariff, and energy meter IDs. No financial information was breached, which does mean that the customers should not experience any direct financial losses, however all are now vulnerable to identity and phishing attacks from the hackers.
Scottish Environment Protection Agency (SEPA) targeted in attack
On Christmas Eve, when most of us were looking forward to a well-earned rest and a little too much food, the SEPA was dealing with a ransomware attack on its systems. Thanks to the robust response plans the organisation has in place, core regulatory, monitoring, flood forecasting and warning services continued, however communication into and across the organisation was significantly impacted. The organisation is still working through the issue and assessing the full impact.
UK pension firm NOW warns of leaky data thanks to their contractor
Workplace pension provider NOW: has been forced to contact customers and warn that their data may have been compromised, thanks to an error by one of their contracting partners. A service provider used by NOW: is reported to have ‘”unintentionally” posted user data to an unnamed “public software forum”. These records include biographical data (names, email addresses, and dates of birth) as well as National Insurance numbers. According to the pension provider, the data was obtained by “a small number” of third parties and was visible for three days in December. NOW: has not yet commented on the scale of the breach but is reported to have offered all affected customers Experian Identity Plus, as well as promising to review staff training and third-party contracts.