Cyber Round-up

Cyber Round-up for 26th October

Welcome to Ironshare’s Cyber Round-up, where we take a look back at the events of that last week and handpick some of the news, posts, views, and highlights from the world of Security.

Just Another Failure in Airline Security

And this time it’s the giant Cathay Pacific in the news for another huge data leak. The Hong Kong airline is reported to have suffered a major leak of customer data, that affects approximately 9.5 million passengers.

Cathay’s investigation into the breach, which involved the Hong Kong Police and authorities, has been ongoing for some time, after suspicious activity was detected on their systems back in March 2018. Cathay have confirmed that passenger personal information was accessed without authorisation which included names, addresses, date of births, email addresses, passport numbers, identity cards and credit card information.

Criticism has been raised to the amount of time it has taken Cathay to report the breach to its users, but this has been defended by the company, stating that they felt it was key to deliver accurate information, before disclosing the breach, to prevent panic.

This news arrives on the back of the data breach at British Airways last month, where 380,000 customer details were stolen. This now looks like a drop in the ocean and is completely overshadowed by the extent of the records lost by Cathay Pacific.

Reuters have reported a significant loss in share price, dropping 7% to a 9-year low as a result of the breach, and they are not expecting this to improve in the short term.

Cathay Pacific has published an InfoSecurity page which includes information on the breach, and what to do if you think you may have been affected. They also have a twitter account (linked below) for direct contact if required.

https://infosecurity.cathaypacific.com/en_HK.html

Twitter: https://twitter.com/CxInfosec

Publishing House Warns of Increase in Phishing Scams

The publisher Penguin Random house has recently released information warning of a significant increase in phishing scams which started in Asia, and have spread to Europe, the UK and the United States.

These scams have targeted agencies and publishers, in order to gain access to sensitive information and attempt to steal manuscripts. The scammers typically pose as legitimate trusted literary agents, using real spoofed email addresses and websites to convince the targets to share the information, before converting the stolen manuscripts to e-books and selling them online.

PRH said “Like other companies, Penguin Random House takes all reports of phishing activity and email scams seriously and, when appropriate, notifies its employees to recognize and prevent such attempts. Employee awareness and training, particularly with respect to phishing scams, is a critical component of our company’s cybersecurity program,”

The NCSC’s guidance to publishing organisations is to remain vigilant to the possibility of phishing attacks. Todays phishing attacks are becoming far more sophisticated and difficult to detect, often including real names, real email addresses and websites. Statements such as this may also be included: ‘To show this is not a phishing email, we have included the month of your birth and the last 3 digits of your phone number’.

https://www.publishersweekly.com/pw/by-topic/international/Frankfurt-Book-Fair/article/78336-phishing-scam-seeking-manuscripts-spreads-worldwide.html

For more information on preparing and protecting yourself from phishing attacks please see the published guidance from the NCSC.

https://www.ncsc.gov.uk/phishing

FreeRTOS IoT Devices Exposed to Multiple Vulnerabilities

Researchers at Zimperium have identified thirteen vulnerabilities in the market leading FreeRTOS open source real time operating system, that is used by millions of IoT devices and embedded platforms worldwide. FreeRTOS is maintained by Amazon Web Services who took it on-board in 2017.

These vulnerabilities, that exist in the FreeRTOS’s TCP/IP stack, include Remote Code Execution, Denial of Service, and Information leakage flaws that can result in the complete compromise of an affected device.

Affected versions include, FreeRTOS up to v10.0.1, AWS FreeRTOS up to v1.3.1, the commercial version OpenRTOS, as well as the safety-oriented version called SafeRTOS.

Zimperium have collaborated with AWS to produce patches for these vulnerabilities, which are now available in v1.3.2 upwards.

If you believe you are running devices that include FreeRTOS or the other versions mentioned above, then it is recommended that you apply patches, or upgrade to the latest firmware as soon as possible.

https://blog.zimperium.com/freertos-tcpip-stack-vulnerabilities-put-wide-range-devices-risk-compromise-smart-homes-critical-infrastructure-systems/

Morrisons take the Blame for Rogue Insider

The Morrisons data breach case that stretches back to 2014, took another turn this week when the Court of Appeal upheld the initial High Court ruling, that Morrisons were responsible for breaches in employee privacy, and they could now face a massive pay-out to those affected.

Andrew Skelton, a senior auditor at Morrisons, was jailed for leaking the payroll data of approximately 100,000 employees, when he posted personal information that included names, bank details and salaries online.

This case was brought to Court when over 5500 employees sought compensation for stress related to their personal information being disclosed, and the possible exposure to identity theft and financial loss.

Morrisons remain defiant that they did all they could to protect their employees, working to quickly take down the leaked data, and think they should not be held responsible. After another court room loss, they will now progress to the UK Supreme Court, to continue their battle.

These types of breaches prove that protecting against the insider threat is as important (if not more important) than protecting against the external threats from the internet. Organisations must defend against the insider threat, by following some base principles:

  • Ensure that staff are provided only the privileges they require to perform their role;
  • Segment critical systems away from user networks;
  • And apply the appropriate access controls through the network to limit communication with critical systems.

https://news.sky.com/story/morrisons-faces-vast-data-leak-compensation-payment-11532490

PWC Law Firms Survey ranks Cyber Threats in Top Risks

PWC have released their 2018 Annual Law Firm survey results, which highlights that Cyber threats and technology developments rate high in the top concerns for Law firms in the last 12 months.

Cyber threats are seen as increasingly common with the Board of Directors, who are now having to focus much more on the real risk posed by attacks, and instances of data loss, that are not going away any time soon.

The report states:

“There are many threats to law firms achieving their growth ambitions, but those that cause the biggest concern are Brexit, shortage of talent, cyber threats and technology.”

86% of the Top 10 Law Firms, 92% of the Top 26-50, and 86% of the Top 51-100, see Cyber threats as their biggest risk and cause for concern. As these firms hold large amounts of client data and confidential information, it makes them a greater target for external actors.

These levels of concern are warranted, since 60% of firms reported a security related incident throughout the last year, which remains consistent with the reports of 61% in the previous year. The 2018 report can be found below:

https://www.pwc.co.uk/industries/law-firms/pwc-law-firms-survey-report-2018-final.pdf

This is more proof that the threat of cyber-attack is prevalent across all industries in today’s internet connected world. Malicious actors are not letting up or taking a break, nor should you.

Don’t put off your cyber security plan, or think you won’t be a victim, prepare and improve your cyber defences today, before it’s too late.

And that’s it for this week, please don’t forget to tune in for our next instalment.

Sign Up

To keep up to date with our news and posts why not join our mailing list by using the link to subscribe: http://bit.ly/IronMailList

You can also follow us using the social media links provided.

If your business needs to improve its security, kick-start your Cyber plans with our Free Cyber Assessment: http://bit.ly/IronFreeCyberReview

 

Ironshare – Security Simplified

 

Edition #14 – 26th October 2018