Cyber Security Roundup for July 2016

In July there were several reports affirming the continued escalation of Cybecrime in the UK, with the National Crime Agency (NCA) including cybercrime in its crime statistics for the first time, confirming there were more incidents of cybercrime than physical crime in the UK. NCA concluded that UK businesses and law enforcement were losing a “cyber arms race” with online criminals. The Information Commission’s Office (ICO) highlighted the UK Health and Local Government as the worse industries for data protection, accounting for 41% of data breaches reported to the ICO in Q1 of this year. 

The EU approved “EU-US Privacy Shield” as a replacement for ‘Safe Harbor’, however there is speculation this is merely a temporary fix, as the EU data protection committee, Working Party 29, raised concerns with the Privacy Shield agreement, which they intend to address in 2017.

BT's broadband outages in July has led to concern about the resilience of the UK's national digital infrastructure to cyber attacks.

In the games industry Pokemon Go dominated the gaming industry and cyber security headlines, with many gamers running into personal cyber security issues in their attempts to play Pokemon Go ahead of its official UK launch in mid July. Gamers were duped into downloading malicious versions of the game, and there were reports of gamers having account credential compromises as a result of signing up with dubious game downloading websites. A hacking group also claimed to had taken down the Pokemon Go servers for several hours with a DDoS attack. In other games industry news Clash of Kings and Warframe account credentials were reported to have been compromised on mass via a support forum.

There was plenty of speculation and evidence of a 'cold war' Cyberwarfare escalation, with reports of hacks against democratic (Clinton) groups in the US presidential race, and reports of large scale and 'professional' cyber attacks hitting Russian government agencies.

News

• Health Sector and Local Government Tops UK Data Breach List
• EU-US Privacy Shield data pact gets European Approval
• Cyber-Crime now Tops Traditional Crime in UK
• Criminals are winning 'Cyber Arms Race' - National Crime Agency
• 1.6m ‘Clash of Kings’ forum accounts Stolen
• Over 750,000 Warframe Accounts Compromised
• O2 Customers' details sold on the Dark Web
• Second BT Outage calls into Question the Security of Critical Infrastructure
• Pokemon Go DDoS Attack Claimed by the PoodleCorp Hacking Group
• Four Cyber Attacks On UK Railways In A Year
• Wireless Keyboards 'easy' to Snoop on
• iTunes Users Targeted In Email Phishing Scam
• Rival Cyber-Gang leaks private keys of Chimera Ransomware
• Russia Cyber Attack: Large hack 'Hits Government'
• Check Point tracks two waves of Cerber Ransomware hitting US, UK
• Apple Patches Remote Code Execution Flaws
• Symantec Security Software had 'Critical' Flaws
• Microsoft release 6 Critical Patches for Windows, Edge, IE, Office & Adobe Flash Player

Awareness & Education

• 10 Ways to Prepare for a Credentials Compromise
• Deer.io: Analysis of a One-stop shop for Cybercrime

Reports

• H1 2016 Shadow Threat Report - 98% ofEnterprise Cloud Apps are not GDPR Ready
•  Proofpoint Q2 2016 Threat Report - 69% ofEmail Attack Attachments had Locky