Cyber Security Roundup for April 2018

The fallout from the Facebook privacy scandal rumbled on throughout April and culminated with the closure of the company at the centre of the scandal, Cambridge Analytica.

• Overview of Facebook and Cambridge Analytica
• Facebook's Zuckerberg faces formal summons from MPs
• Facebook to contact 87 million users affected by data breach
• Canada data firm AIQ may face legal action in UK
• Facebook to vet UK political ads for May 2019 local elections
• Facebook to exclude billions from European privacy laws

Ikea was forced to shut down its freelance labour marketplace app and website 'TaskRabbit' following a 'security incident'. Ikea advised users of TaskRabbit to change their credentials if they had used them on other sites, suggesting a significant database compromise.

TSB bosses came under fire after a botch upgraded to their online banking system, which meant the Spanished owned bank had to shut down their online banking facility, preventing usage by over 5 million TSB customers. Cybercriminals were quick to take advantage of TSB's woes.

Great Western Railway reset the passwords of more than million customer accounts following a breach by hackers, US Sun Trust reported an ex-employee stole 1.5 million bank client records, an NHS website was defaced by hackers, and US Saks, Lord & Taylor had 5 million payment cards stolen after a staff member was successfully phished by a hacker.

The UK National Cyber Security Centre (NCSC) blacklist China's state-owned firm ZTE, warning UK telecom providers usage of ZTE's equipment could pose a national security risk. Interestingly BT formed a research and development partnership with ZTE in 2011 and had distributed ZTE modems. The NCSC, along with the United States government, released statements accusing Russian of large-scale cyber-campaigns, aimed at compromising vast numbers of the Western-based network devices.

• NCSC: Joint US - UK statement on malicious cyber activity carried out by the Russian government
• US-Cert Alert (TA18-106A) - Russian State-Sponsored Cyber Actors Targeting Network Infrastructure Devices

The NCSC warned about CNI supply chains coming under sustained attack, also said the UK is being hit with more online attacks than ever before.

IBM released the 2018 X-Force Report, a comprehensive report which stated for the second year in a row that the financial services sector was the most targeted by cybercriminals, typically by sophisticated malware i.e. Zeus, TrickBot, Gootkit. NTT Security released their 2018 Global Threat Intelligence Report, which unsurprisingly confirmed that ransomware attacks had increased 350% last year.  

A concerning report by the EEF said UK manufacturer IT systems are often outdated and highly vulnerable to cyber threats, with nearly half of all UK manufacturers already had been the victim of cybercrime. An Electropages blog questioned whether the boom in public cloud service adoption opens to the door cybercriminals.

Finally, it was yet another frantic month of security updates, with critical patches released by Microsoft, Adobe, Apple, Intel, Juniper, Cisco, and Drupal.

NEWS

• Ikea’s Task Rabbit App hit by Cyber Security Incident
• At least 432 UK Businesses to be Affected by NIS Cyber-Security Regulation
• TSB 'Data Breach' amid Online Banking Upgrade Chaos
• Great Western Railway Accounts Breached
• NHS Website Defaced by Hackers
• Equifax Data Breach cost hits £175 million - £91 million insured
• Sun Trust Ex-Employee Stolen 1.5 Million Bank Clients
• Ransomware Infects Ukraine Energy Ministry Website
• UK National Cyber Security Centre Blacklists one of China's State-Owned ZTE
• 1.5bn Sensitive Files are Exposed on the Internet – Digital Shadows
• Almost 3 Million EU citizens hit by Facebook Data Breach
• Saks, Lord & Taylor Staff Phish lead to an up to 5 Million Payment Card Data Breach
• Will the boom in public cloud services open the doors to cyber criminals?
• Microsoft Patches 63 Vulnerabilities for IE/Edge, Exchange, Office ChakraCore & Flash
• Microsoft issues more Spectre Updates (Out-of-Band Update)
• Adobe Releases Critical Fixes for Flash Player
• Apple release updates to fix Security issues in iOS, macOS, Safari and various Apps
• Insecure default configuration still endangering SAP users after 13 years
• Intel Urges users to Delete Remote Keyboard App and halts Spectre fixes
• Juniper Patched Multiple Vulnerabilities
• Cisco Patches Vulnerability in WebEx
• Hackers using Flaw in Cisco Switches to Attack
• Drupal Releases Patch for a Code-Execution Bug Actively being Exploited

AWARENESS, EDUCATION AND THREAT INTELLIGENCE

• Russian State-sponsored Hackers Attacking network infrastructure says UK & US Govs
• UK Hit by 'More Online Attacks than Ever Before’ according to NCSC
• NCSC warns CNI Supply Chain under Sustained Attack
• New Hacker Groups emerging in Asia and in the Middle East
• Orangeworm attacks X-Ray machines in campaign spanning UK, Europe, US
• Massive Phishing Campaign Targets Half a Billion Users in Q1 2018
• North Korea likely Culprit in Complex GhostSecret Cyber-Espionage Campaign

REPORTS

• The Cyber Threat to UK business 2017-2018 report by NCSC & NCA
• 2018 IBM X-Force Report: Financial services Industry most targeted with Malware
• NTT Security 2018 Global Threat Intelligence Report: Ransomware up 350%
• EEF Report: UK Manufacturers often outdated & Highly Vulnerable to Cyber Threats