In one of the worst months on record for data breaches, more than 2.3 billion records were recorded as breached in February 2021, as successful ransomware attacks accelerated. Here’s what you need to know in our February cybersecurity recap:
Hacker attempts to poison water supply…
At the beginning of February, a hacker gained control of Florida City’s water treatment plant and used their access to try and poison the city’s water supply. An operator at the plant initially noticed his cursor moving without his mouse, but assumed it was his superiors using remote monitoring software to run tests. However, the same plant worker then noticed that the cursor continued moving, and changed the setting of sodium hydroxide within the water from 100 parts per million (ppm) to 11,100 ppm. While other safety measures are in place to prevent this kind of change, the attacker seemingly accessed the system via the TeamViewer software and used it to cause chaos.
nPower app hacked…
nPower has suspended its mobile app, after revealing that an attack has compromised “some customers” financial and personal information. The UK energy provider has not confirmed how many accounts were compromised, but has informed the Information Commissioner’s Office and issued the following statement: “We identified suspicious cyber-activity affecting the Npower mobile app, where someone has accessed customer accounts using login data stolen from another website. This is known as ‘credential stuffing’,” the firm said in a statement. We’ve contacted all affected customers to make them aware of the issue, encouraging them to change their passwords and offering advice on how to prevent unauthorised access to their online account.”
Total Fitness hit by ransomware…
According to a statement released on 5 February 2021, Total Fitness fell victim to a ransomware attack at the end of January. Their statement reads: “On 26th January, Total Fitness’ threat detection software exposed a cyber-attack affecting our internal systems, processes, and communications. Immediately following the attack, our well-rehearsed recovery and continuity plans were instigated which included the lock down and securing of all Total Fitness information. Total Fitness is continuing to respond to the ongoing ransomware attack likely to be by international serious and organised cyber-crime groups. The matter is subject to a live criminal investigation. Our Incident Response Team are informing and collaborating with expert organisations including the National Cyber Security Centre, the North West Regional Organised Crime Unit, the National Crime Agency and the Information Commissioner’s Office on what is a complex and sophisticated criminal act.”
Oxford University department hacked…
The biology lab at Oxford University that is responsible for current Covid-19 research, has reported a cyberattack on its systems. The University confirmed the breach after a number of its systems from the Division of Structural Biology were being shown off online, including machines used to prepare biochemical samples. A spokesperson at the University commented “We have identified and contained the problem and are now investigating further. There has been no impact on any clinical research, as this is not conducted in the affected area. As is standard with such incidents, we have notified the National Cyber Security Centre and are working with them.”
Kia & Hyundai deny reported hack…
According to online reports, hackers from the DopplePaymer ransomware gang are demanding $20million extortion payment, yet Kia and its parent company Hyundai are denying there’s been an attack. Both Kia and Hyundai have had IT outages since news of the attack broke, but issued the following statements:
Kia: “We are aware of online speculation that Kia is subject to a ransomware attack. At this time, and based on the best and most current information, we can confirm that we have no evidence that Kia or any Kia data is subject to a ransomware attack”
Hyundai: “Hyundai Motor America is experiencing an IT outage affecting a limited number of customer-facing systems. Those systems are in the process of coming back online. We would like to thank our customers for their continued patience. At this time, we can also confirm that we have no evidence of Hyundai Motor America or its data being subject to a ransomware attack”.
DocuSign warns of a spate of phishing attacks using its brand name…
As one of the leading providers of eSign software, DocuSign has been plagued with a spate of Phishing emails purporting to be from DocuSign. While nothing has been compromised at DocuSign, these emails risk compromising the user’s system if they are accidentally clicked. Therefore, the brand has provided several handy tips for spotting the fakes:
- All URLs to view or sign DocuSign documents will contain “docusign.net/” and will always start with https.
- All legitimate DocuSign envelopes include a unique security code at the bottom of notification emails. If you do not see this code, don’t click on any links or open any attachments within the email, forward it to their spam email
- Access documents directly via docusign.com, rather than clicking on the links
- Don’t open unknown or suspicious attachments, or click links—DocuSign will never ask you to open a PDF, office document or zip file in an email
Read more in their Combating Phishing White Paper.
NurseryCam Security Breach…
NuseryCam is a webcam system which allows parents to see their children at nursery. It has suffered a cybersecurity breach, including details of parents’ logins. It is not thought that anyone viewed the cameras or compromised personal safety, but the servers have been shut down as a precautionary measure. Once again, it’s a reminder that smart tech needs to be secured with quality cyber security protocols…
Google warns of Zero-Day vulnerabilities…
According to research by Google, 25% of Zero-Day Cyberattacks could have been avoided, if previous software vulnerabilities had been properly patched. They found that 1 in 4 zero day attacks exploited software vulnerabilities that were eerily similar to previously identified vulnerabilities, which the software developers had failed to properly fix! Read more about the problem on the Google blog…