Cyber Security Roundup for October 2018

Aside from Brexit, Cyber Threats and Cyber Attack accusations against Russia are very much on the centre stage of UK government's international political agenda at the moment. The government publically accused Russia's military 'GRU' intelligence service of being behind four high-profile cyber-attacks, and named 12 cyber groups it said were associated with the GRU. Foreign Secretary Jeremy Hunt said, "the GRU had waged a campaign of indiscriminate and reckless cyber strikes that served no legitimate national security interest".

UK Police firmly believe the two men who carried out the Salisbury poisoning in March 2018 worked for the GRU.

• What is Russia's GRU Intelligence Agency?
• The risks of cyber-conflict with Russia
• Russia accused of net hack attacks
• Russian spy: What happened to the Skripals?

The UK National Cyber Security Centre said it had assessed "with high confidence" that the GRU was "almost certainly responsible" for the cyber-attacks, and also warned UK businesses to be on the alert for indicators of compromise by the Russian APT28 hacking group.  The NCSC said GRU hackers operated under a dozen different names, including Fancy Bear (APT28), had targetted:

• The systems database of the Montreal-based World Anti-Doping Agency (Wada), using phishing to gain passwords. Athletes' data was later published 
• The Democratic National Committee in 2016, when emails and chats were obtained and subsequently published online. The US authorities have already linked this to Russia.
• Ukraine's Kyiv metro and Odessa airport, Russia's central bank, and two privately-owned Russian media outlets - Fontanka.ru and news agency Interfax - in October 2017. They used ransomware to encrypt the contents of a computer and demand payment 
• An unnamed small UK-based TV station between July and August 2015, when multiple email accounts were accessed and content stolen

FireEye attributed TRITON ICS attack to Russia,  the US Cyber Command launches its first acknowledged offensive action against individual Russians and worryingly, it was reported that MoD secrets exposed in dozens of cybersecurity breaches.

Facebook was fined the maximum amount of £500,000 under pre-GDPR data protection laws by the UK Information Commissioner's Office (ICO) over the Cambridge Analytica Scandal. Facebook could face a new ICO fine after revealing hackers had accessed the contact details of 30 Million users due to a flaw with Facebook profiles. The ICO also revealed a 400% increase in reported Cyber Security Incidents and another report by a legal firm RPC said the average ICO fines had doubled, and to expect higher fines in the future. Heathrow Airport was fined £120,000 by the ICO in October after a staff member lost a USB stick last October containing "sensitive personal data", which was later found by a member of the public.

Notable Significant ICO Security Related Fines

• Facebook fined £500,000 over Cambridge Analytica Scandal. The ICO said that the fine would have been considerably higher under the GDPR which came into force on 25 May this year but cannot be applied to this case due to the timing of events.
• Equifax fined £500,000 for failing to protect the personal information of up to 15 million UK citizens during a cyber-attack in 2017
• Carphone Warehouse fined £400,000 for failing to adequately protect customer and employee data
• TalkTalk fined £400,000 after 157,000 customer records were stolen in 2015
• Sony fined £250,000 following the PlayStation network hack in 2013
• The British and Foreign Bible Society fined £100,000 in June 2018 following a cyber-attack that compromised personal data of 417,000 people

Last month's British Airways website hack was worse than originally reported, as they disclosed a second attack which occurred on 5th September 2018, when the payment page had 22 lines of malicious Javascript code injected in an attack widely attributed to Magecart.  Another airline Cathay Pacific also disclosed it had suffered a major data breach that impacted 9.4 million customer's personal data and some credit card data.

Morrisons has lost a challenge to a High Court ruling which made it liable for a data breach, after an employee, since jailed for 8 years, stole and posted thousands of its employees' details online in 2014.  Morrisons said it would now appeal to the Supreme Court., if that appeal fails, those affected will be able to claim compensation for "upset and distress". 

Interesting article on Bloomberg on "How China Used a Tiny Chip to Infiltrate U.S. Companies". However, there was a counter-narrative to the Bloomberg article on Sky News. But didn't stop Ex-Security Minister Admiral Lord West calling the Chinese when he said Chinese IT Kit 'is putting all of us at risk' if used in 5G.  He raises a valid point, given the US Commerce Department said it would restrict the export of software and technology goods from American firms to Chinese chipmaker Fujian Jinhua BT, which uses Huawei to supply parts for its network, told Sky News that it would "apply the same stringent security measures and controls to 5G when we start to roll it out, in line with continued guidance from government". Recently there have been warnings issued by the MoD and NCSC stating a Chinese espionage group known as APT10 are attacking IT suppliers to target military and intelligence information.

NCSC is seeking feedback on the latest drafts 'knowledge areas' on CyBOK, a Cyber Security body of knowledge which it is supporting along with academics and the general security industry.

Google are finally pulling the plug on Google+, after user personal data was left exposed. Google and the other three major web browser providers in the world said, in what seems like coordinated announcements, businesses must accept TLS Version 1.0 and 1.1 will no longer support after Q1 2018.

• Google with Chrome, said it will depreciate the protocol versions from January 2020
• Mozilla with Firefox  have set a deprecation date of March 2020
• Apple with Safari  have a deprecation date of March 2020
• Microsoft said both Edge and IE will disable the protocols in the 'first half' of 2020.

So its time to move over to the more secure TLS V1.2 or the more secure & efficient TLS V1.3.

NEWS

• UK Blames Russian GRU for Cyber Attacks and Vows to Respond
• BA Website and Data Breach by Magecart deeper than first thought
• Morrisons Loses Court Appeal over Employee Data Theft
• Cathay Pacific Data Breach exposes PII of 9.4 million Customers
• CyBOK: Feedback sought on NCSC's Cyber Security Body of Knowledge
• Big Four Web Browser Providers say Businesses must Accept TLS v1.0 & v1.1 End of Life by Q1 2020
• Facebook fined £500k by ICO over Cambridge Analytica Scandal
• Hackers Accessed Names and Contact Details of nearly 30 Million Facebook Users
• Chinese IT Kit 'putting all of us at risk' if used in 5G says Ex-security minister Admiral Lord West 
• MoD Secrets Exposed in dozens of Cyber Security Breaches
• Plug pulled on Social Network Google+ after Users’ Data Left Exposed
• Heathrow fined £120K by the ICO for USB stick Data Breach
• Fifa Hacked again as officials fear Information has been illegally obtained
• US Weapons Systems can be 'easily hacked'
• UK Government Launches IoT Code of Practice
• Microsoft Patches 49 Vulnerabilities, 12 of which are Critical for Chakra, IE\Edge, MS XML, Scripting Engine & Hyper V
• Adobe Releases Fixes 86 Vulnerabilities for Acrobat and Acrobat Reader
• Adobe Patches Vulnerabilities in Adobe Digital Editions, Experience Manager, FrameMaker & Tech Comms Suite
• TP-Link (TL-WRN841N) Router Vulnerable to Remote Takeover Flaw
• Cisco release Patches for 36 Vulnerabilities, 3 of which are Critical
• Cisco Patches Command Injection Bug in WebEx Meetings Desktop App for Windows
• Vulnerability found in Sophos Anti-Malware Product
• Oracle release Security Updates for 45 Critical-Rated Vulnerabilities
• Amazon Patches IoT and Critical Infrastructure Security Flaws

AWARENESS, EDUCATION AND THREAT INTELLIGENCE

• FireEye outs APT38 as North Korean Cyber Bank Heist Gang
• APT28 Threat: National Cyber Security Centre warning to UK Companies 
• DDoS and Ransomware tools for Starter and Experienced Cybercriminals Exposed
• Cobalt Gang targets Banks and Financial Service providers by sneaking PDFs past staff
• Enigmatic Cyber Espionage Campaign revives source code from old foe APT1
• Exploit Kits: Autumn 2018 Update 
• Crypto-Locking Kraken Ransomware Looms Larger

REPORTS

• ICO reveals 400% Increase in Reports of Cyber-Security Incidents
• ICO Average data breach fines have doubled as ICO hints at Higher Fines
• Radware 2018 State of Web Application Security Report 
• Abandoned Web Applications 'hidden threat to Corporate Security’ says High-Tech Bridge Report