Cyber Security Roundup for July 2018

The importance of assuring the security and testing quality of third-party provided applications is more than evident when you consider an NHS reported data breach of 150,000 patient records this month. The NHS said the breach was caused by a coding error in a GP application called SystmOne, developed by UK based 'The Phoenix Partnership' (TTP). The same assurances also applies to internally developed applications, case-in-point was a publically announced flaw with Thomas Cook's booking system discovered by a Norwegian security researcher. The research used to app flaw to access the names and flights details of Thomas Cook passengers and release details on his blog. Thomas Cook said the issue has since been fixed.

The Information Commissioner's Office (ICO) fined Facebook £500,000, the maximum possible, over the Cambridge Analytica data breach scandal, which impacted some 87 million Facebook users. Fortunately for Facebook, the breach occurred before the General Data Protection Regulation came into force in May, as the new GDPR empowers the ICO with much tougher financial penalties design to bring tech giants to book, let's be honest, £500k is petty cash for the social media giant. 
Facebook-Cambridge Analytica data scandal
Facebook reveals its data-sharing VIPs
Cambridge Analytica boss spars with MPs

A UK government report criticised the security of Huawei products, concluded the government had "only limited assurance" Huawei kit posed no threat toUK national security. I remember being concerned many years ago when I heard BT had ditched US Cisco routers for Huawei routers to save money, not much was said about the national security aspect at the time. The UK gov report was written by the Huawei Cyber Security Evaluation Centre (HCSEC), which was set up in 2010 in response to concerns that BT and other UK companies reliance on the Chinese manufacturer's devices, by the way, that body is overseen by GCHQ.

Banking hacking group "MoneyTaker" has struck again, this time stealing a reported £700,000 from a Russia bank according to Group-IB. The group is thought to be behind several other hacking raids against UK, US, and Russian companies. The gang compromise a router which gave them access to the bank's internal network, from that entry point, they were able to find the specific system used to authorise cash transfers and then set up the bogus transfers to cash out £700K.

NEWS

• NHS Data Breach affects 150,000 Patients due to Third-Party Supplier Coding Error
• Names and flight details exposed in Thomas Cook Customer Data Breach
• Hackers net almost $1m in Russian Bank Raid
• Hacker found selling info on top-secret MQ-9 Reaper UAV on the Dark Web
• Ex-Apple Engineer on Route to China Arrested for stealing secret info on Autonomous Car Project
• Telefonica Breach leaves Data on Millions Exposed
• Facebook fined £500,000 by the ICO for Cambridge Analytica Data Breach
• UK Gov Criticises the Security of Huawei Products
• Flaws in Health and Fitness Wearables help Hackers poach Personal Data of Users
• Singapore Personal Data Hack hits 1.5m, Health Authority says

AWARENESS, EDUCATION AND THREAT INTELLIGENCE

• Banking Trojans Rocket & Cryptomining here to stay
• BAE Systems launches ‘The Intelligence Network’
• Two New Spectre Vulnerability Variants Emerge
• New and Improved Magniber Ransomware within Asia

REPORTS

• Russia leads the Nation-state Attacks against Business according to a Report by Carbon Black
• Financial Times Special Report on Cyber Security
• Banking Trojans rocket, while cryptomining is here to Stay according to the Check Point Global Threat Index
• The share of Cryptomining attacks grew from 7% to 32% of all Attacks in just Six months