A roundup of UK focused Cyber and Information Security News, Blog Posts, Reports and general Threat Intelligence from the previous calendar month, December 2020.
A suspected nation-state sophisticated cyber-attack of SolarWinds which led to the distribution of a tainted version the SolarWinds Orion network monitoring tool, compromising their customers, dominated the cyber headlines in mid-December 2020. This was not only one of the most significant cyberattacks of 2020 but perhaps of all time. The United States news media reported the Pentagon, US intelligence agencies, nuclear labs, the Commerce, Justice, Treasury and Homeland Security departments, and several utilities were all compromised by the attack. For the full details of the SolarWinds cyber-attack see my article Sunburst: SolarWinds Orion Compromise Overview
Two other cyberattacks are possibly linked to the SolarWinds hack was also reported, the cyber-theft of sophisticated hacking tools from cybersecurity firm FireEye, a nation-state actor is suspected to be responsible. And the United States National Security Agency (NSA) advised a VMware security vulnerability was being exploited by Russian state-sponsored actors.
Amidst the steady stream of COVID-19 and Brexit news reports, yet another significant ransomware and cyber-extortion attack briefly made UK headlines. Hackers stole confidential records, including patient photos, from UK cosmetic surgery chain 'The Hospital Group', and threatening to publish patient's 'before and after' photos. The UK cosmetic surgery firm, which has a long history of celebrity endorsements, confirmed it was the victim of a ransomware attack, and that it had informed the UK's Information Commissioner's Office about their loss of personal data.
Spotify users had their passwords reset after security researchers alerted the music streaming platform of a leaky database which held the credentials of up to 350,000 Spotify users, which could have been part of a credential stuffing campaign. Security researchers at Avast reported 3 million devices may have been infected with malware hidden within 28 third-party Google Chrome and Microsoft Edge extensions.
A McAfee report said $1 Trillion was lost to cybercrime in 2020, and companies remained unprepared for cyberattacks in 2021.
Stay safe and secure.
- Trends in IT-Security and IAM in 2021, the “New Normal” and beyond
- Fact vs. Fiction: Film Industry's Portrayal of Cybersecurity
- Six Trends Shaping the 2021 Cybersecurity Outlook
- Predicated Data Classification Trends for 2021
- Sunburst: SolarWinds Orion Compromise Overview
- The Dangers of Security Vulnerability Scoring Dependency
- Cyber Security Roundup for December 2020
- Sunburst: SolarWinds Orion Compromise
- Cybersecurity firm FireEye Compromised and Hacking Tools Stolen by a suspected Nation-State Actor
- 3 Million Users Hit with Infected Google Chrome and Microsoft Edge Extensions
- Hackers Threaten to Leak Plastic Surgery Pictures
- 45 Million Medical Imaging Files Exposed Online
- Spotify Reset Passwords following Data Breach
- Kaspersky Statistics of the Year Report
- McAfee Hidden Cost of Cybercrime Report: $1 Trillion lost to Cybercrime in 2020, companies remain ill-prepared