After years of dither and delay the UK government finally nailed its colours to the mast, no, not on Brexit but on Huawei, permitting 'limited use' of the Chinese telecoms giant's network appliances within the UK's new 5G infrastructure. Whether this is a good decision depends more on individual political persuasion than on national security interest, so, just like Brexit, the general view on the decision is binary: either it's a clever compromise or a complete sell-out of UK national security. I personally believe the decision is more about national economics than national security, as I previously blogged in 'The UK Government Huawei Dilemma and the Brexit Factor'. The UK government is playing a delicate balancing act to safeguard potentially massive trade deals with both of the world's largest economic superpowers, China and the United States. An outright US-style ban on Huawei would seriously jeopardise billions of pounds worth of Chinese investment in the UK economy. On the security front, Huawei's role will be restricted to protect the UK's critical national infrastructure, with Huawei's equipment banned from use within the core of the 5G network. The UK National Cyber Security Centre (NCSC) published a document which provides guidance to UK telecoms operators on the use of equipment from high risk vendors such as Huawei.
Ransomware targeting UK businesses continues to rear its ugly head in 2020; this time the operations of global foreign exchange firm Travelex were brought to a shuddering halt after a major ransomware attack took down Travelex's IT systems. Travelex services impacted included its UK business, international websites, mobile apps, and white-labelled services for the likes of Tesco, Sainsbury's, Virgin Money, Barclays and RBS. The ransomware in question was named as Sodinokibi, with numerous media reports strongly suggesting the Sodinokibi ransomware infiltrated the Travelex network through unpatched, vulnerable Pulse Secure VPN servers, which the National Cyber Security Centre had apparently detected and warned Travelex about many months earlier. There could be some truth in this, given the Sodinokibi ransomware is known to gain entry through remote access systems, including vulnerable Pulse Secure VPN servers. The cybercriminal group behind the attack, also known as Sodin and REvil, demanded £4.6 million in ransom payment, and also claimed to have taken 5GB of Travelex customer data. Travelex reported no customer data had been breached. However, its money exchange services remained offline for well over two weeks after the incident was reported, with the firm advising it expected most of its travel money services to be back operational by the end of January.
The same Sodinokibi criminal group behind the Travelex attack also claimed responsibility for what German automotive parts supplier Gedia Automotive Group described as a 'massive cyber attack'. Gedia said it would take weeks to months before its IT systems were up and running as normal. According to analysis by US cyber security firm Bad Packets, the German firm also had an unpatched Pulse Secure VPN server on its network perimeter which left it exposed to the ransomware attack. Gedia patched its VPN server on 4th January.
Leeds-based medical tech company Tissue Regenix halted its US manufacturing operation after an unauthorised party accessed its IT systems. To date there have been no details about the nature of this cyber attack, but a manufacturing shutdown is a hallmark of a mass ransomware infection. Reuters reported shares in the company dropped 22% following its cyber attack disclosure.
London-based marine consultancy company LOC was hacked and held to ransom by cybercriminals. It was reported that computers were 'locked' and 300GB of company data were stolen by a criminal group; investigations into this hack are still ongoing.
It seems every month I report a massive data breach due to the misconfiguration of a cloud server, but I never expected one of the leading global cloud providers, Microsoft, to be caught out by such a schoolboy error. Microsoft reported that a database misconfiguration of its Elasticsearch servers exposed 250 million customer support records between 5th and 19th December 2019. The non-redacted data exposed included customer email addresses; IP addresses; locations; descriptions of customer support claims and cases; Microsoft support agent emails; case numbers, resolutions and remarks; and confidential internal notes. It is not known whether any unauthorised parties accessed any of the leaked data.
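The failure mode behind the Microsoft exposure is an Elasticsearch HTTP endpoint that answers without credentials. The script below is an added example (not code from the original post, from Microsoft or from Elastic) for auditing your own clusters for exactly that: it fetches the cluster banner and the index listing and reports whether data is listable anonymously. It assumes the target speaks the standard Elasticsearch REST API (GET / returns a JSON banner carrying a "tagline" and a "version" object; GET /_cat/indices?format=json returns a list of index records with a "docs.count" field). The address 10.0.0.5:9200 in the usage line is a placeholder, and the sample responses in the docstring are constructed.

```python
"""Check whether an Elasticsearch endpoint is readable without credentials.

Added example, not code from the original post, Microsoft or Elastic.
Assumes the standard Elasticsearch REST API shape:
  GET /                          -> JSON banner with "tagline" and "version"
  GET /_cat/indices?format=json  -> list of index records with "docs.count"
Example (constructed) open-cluster verdict:
  {'state': 'open', 'version': '6.8.5', 'indices': 3, 'docs': 250000000}
"""
import json
import urllib.error
import urllib.request

ES_TAGLINE = "You Know, for Search"   # banner string Elasticsearch returns on GET /


def http_get(url, timeout=5):
    """GET url and return (status, body). HTTP error codes are returned, not raised."""
    req = urllib.request.Request(url, headers={"Accept": "application/json"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status, resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as err:
        return err.code, err.read().decode("utf-8", "replace")


def _json_or_none(body):
    """Parse body as JSON, returning None for anything that is not JSON."""
    try:
        return json.loads(body)
    except ValueError:
        return None


def assess(root, indices):
    """Classify a cluster from two raw (status, body) responses: GET / and
    GET /_cat/indices?format=json.

    Returns a dict with 'state' in {'open', 'auth_required', 'not_elasticsearch'}
    plus version, index count and document count where they could be read.
    """
    root_status, root_body = root
    idx_status, idx_body = indices

    # A 401/403 on the banner means security is enforced: nothing is exposed.
    if root_status in (401, 403):
        return {"state": "auth_required"}

    banner = _json_or_none(root_body)
    if root_status != 200 or not isinstance(banner, dict) \
            or banner.get("tagline") != ES_TAGLINE:
        return {"state": "not_elasticsearch"}

    result = {
        "state": "open",
        "version": (banner.get("version") or {}).get("number"),
        "indices": 0,
        "docs": 0,
    }
    # The banner can be readable on some deployments even with security on;
    # the real test of exposure is whether index metadata (hence data) is listable.
    if idx_status in (401, 403):
        result["state"] = "auth_required"
        return result
    records = _json_or_none(idx_body)
    if idx_status == 200 and isinstance(records, list):
        result["indices"] = len(records)
        # docs.count is a string in _cat output and missing for closed indices.
        result["docs"] = sum(int(r.get("docs.count") or 0)
                             for r in records if isinstance(r, dict))
    return result


def check(base_url, get=http_get):
    """Probe base_url (e.g. http://10.0.0.5:9200, a placeholder) and return assess()'s verdict.
    `get` is injectable so the logic can be exercised without network access."""
    base = base_url.rstrip("/")
    return assess(get(base + "/"), get(base + "/_cat/indices?format=json"))


if __name__ == "__main__":
    import sys
    for target in sys.argv[1:]:          # e.g. python es_exposure.py http://10.0.0.5:9200
        print(target, check(target))
```

Run it only against clusters you are authorised to test. A state of open with a non-zero document count is the condition that turns a "misconfiguration" into a reportable breach; note that a cluster bound to an internal address but reachable through a permissive cloud firewall or network security group rule will show exactly the same result, so the fix is at the network boundary as much as in the Elasticsearch configuration.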
Cyber attacks against the UK defence industry hit unprecedented highs, according to government documentation obtained by Sky News. Sky News revealed the MoD and its partners failed to protect military and defence data in 37 incidents in 2017 and 34 incidents in the first 10 months of 2018, with military data exposed to nation-state level cyber actors on dozens of occasions.
It was another fairly busy month for Microsoft patches, including a critical Windows 10 flaw that the NSA reported to Microsoft. January also saw the end of security update support for Windows 7 and Windows Server 2008, unless you pay Microsoft extra for extended support.
According to a World Economic Forum (WEF) study, the cybersecurity of most of the world's major airports is not up to scratch. WEF reported 97 of the world's 100 largest airports have vulnerable web and mobile applications, misconfigured public cloud or dark web leaks. The findings in summary:
- 97% of the websites contain outdated web software.
- 24% of the websites contain known and exploitable vulnerabilities.
- 76% and 73% of the websites are not compliant with GDPR and PCI DSS, respectively.
- 100% of the mobile apps contain at least five external software frameworks.
- 100% of the mobile apps contain at least two vulnerabilities.
The Dallas County Attorney finally applied some common sense, dropping charges against two Coalfire red teamers. The two Coalfire employees had been arrested on 11th September 2019 while conducting a physical penetration test of the Dallas County courthouse. The Perry News quoted a police report which said that upon arrest the two men stated "they were contracted to break into the building for Iowa courts to check the security of the building". After the charges were dropped at the end of January, Coalfire CEO Tom McAndrew said, "With positive lessons learned, a new dialogue now begins with a focus on improving best practices and elevating the alignment between security professionals and law enforcement", adding, "We're grateful to the global security community for their support throughout this experience."
- Huawei set for limited UK 5G role, but can we Trust Huawei?
- What Website Owners Should Know About Terms and Conditions
- Securing Interactive Kiosks IoTs with the Paradox OS
- Cyber Security Roundup for January 2020
- Travelex Currency Service brought to a Halt for a month by Ransomware Attack, £4.6m Demanded
- Microsoft Database Misconfiguration Exposes 250M Customer Support Records
- UK will allow Huawei limited role in 5G network
- Cyber Security Breaches hit Unprecedented Highs in UK Defence Industry
- Cyberattack halts UK Tissue Regenix's US-based Manufacturing Operations
- London Company LOC held to Ransom by Cyber Criminals
- Ryuk Ransomware impacts websites of US DOD Contractor
- Sonos Apologises for Revealing Customer Email Addresses
- Travelex Hackers shut down German car parts company Gedia in Massive ‘Cyber Attack’
- Landry's Notifies Customers of Payment Card Data Breach
- Wawa Customer Payment Card Data for Sale
- Ransomware Attack takes US Maritime Base Offline
- Twitter and Facebook Accounts for 15 NFL Teams Hacked
- Burglary Charges dropped against Coalfire Red Teamers
- Microsoft Patches 49 Vulnerabilities, including 8 Critical for RDP, IE and .NET
- Adobe Patch Tuesday
- NSA reveals to Microsoft Critical Windows 10 flaw
- Microsoft phases out Windows 7 Support
- Mozilla Patches Exploited Zero-Day Flaw in Firefox
- Cisco Patches Multiple Vulnerabilities
- Cisco Repairs 12 Bugs in its Data Center Network Manager
- Intel Patches Six Security Issues
- Apple Patches dozens of Security Flaws
- Hackers play on Coronavirus fears to spread Emotet
- Attackers distill essence of Mirai IoT botnet into LiquorBot Malware
- APT40 Hacking Group linked to 13 Alleged Front Companies in Hainan, China
- Renewed Emotet phishing activity targets UN, Government and Military users
- Nemty Ransomware makers may be latest to adopt Data Leak Strategy
- Snake Ransomware Targeting Enterprise Networks
- Study: Cybersecurity lacking at most of the World’s Major Airports