Wednesday 24 March 2021

Reducing Human Error Security Threats with a Remote Workforce

Article by Beau Peters

For better or worse, the COVID-19 pandemic changed the way we work and our corresponding cybersecurity needs. Now, millions of us across the world are adapting to remote work. And this requires securing our networks for the new normal of IT infrastructures.

Surprisingly, a large portion of cyberattacks can be best prevented by reducing the risks to a remote workforce created by human error. Lack of employee knowledge, distraction, and neglect all can leave remote networks vulnerable.

While there is no way to guarantee against data breaches, securing the human element can help mitigate security threats and improve the integrity of your remote work systems. This article will explore not only the cost of human error but the practices you can employ to prevent it.

The Cybersecurity Cost of Human Error
While many security executives agree that ransomware poses the greatest threat to security infrastructure, a majority believes that human error is the greatest risk to their business operations. In a survey of UK&I CISOs, 55% said that human error posed a risk no matter what protections are in place.

Damaging employee mistakes often come in the form of clicking or downloading malicious content, interacting with phishing emails, and unauthorized use of a device or app. In the shift to remote work, these risks can be even more damaging, as they have the potential to take down entire networks, increase downtime, and result in massive security costs.

With an estimated 900% increase in ransomware attacks during the first half of 2020 alone, hackers are stepping up their game to infiltrate vulnerable systems. On average, these attacks cost even smaller businesses as much as £520,000 ($713,000). This makes securing systems and employee behaviour against these attacks an important cost savings priority.

Fortunately, there are plenty of simple strategies you can employ in your tech processes to mitigate the risks of staff error, even while working remotely.
How to Reduce Human Error

Reducing human error to alleviate cybersecurity risk can be done through a few different approaches. From creating an employee education program to enhancing your application of modern tech, your remote workforce can interact more safely with your virtual workspace. These five strategies can help you reduce human error security threats:

1. Invest in Employee Education
Employee education is one of your best tools in combating the risks posed by human error. As technology changes, so do the phishing and social engineering methods of scammers and hackers. No matter how up-to-date on trends in cyber threats your workforce is, an employee education program can be a great way to increase employee awareness.

Create an employee cybersecurity education program or find a third-party course to provide your employees with some additional training. As a result, they can approach their remote work more cautiously.

2. Follow Cybersecurity Best Practices
Employee education is also a great place to instil a pattern of best practices surrounding cybersecurity. These will be a necessary foundation for ensuring that cybersecurity is considered in every aspect of the business. For remote workers, these best practices include:
  • Understand the resources and IT staff available to you.
  • Always use a virtual private network (VPN).
  • Build an authorization system that is secure and traceable.
  • Encrypt all sensitive materials.
  • Secure systems over cloud databases.
Build these practices into company culture to give your employees better methods to approach security.

3. Utilise Highly Secure Infrastructures
Cloud databases are a must-have with a remote workforce. These ecosystems make data communication and storage simple and functional outside of an office, and with the right security protocols, they can also make cybersecurity easy.

A decentralized system like blockchain, for example, provides access and communication from anywhere all in an environment secured by cryptographic links. At the same time, immutable data storage offers greater transparency into access and authorization tracking.

Employing secure infrastructures like blockchain can go a long way in reducing the risk of human error through better security overall.

4. Provide Security Tools and Understanding
The success of your team in securely handling data often comes down to the tools they have to work with. For remotely working teams, additional challenges and distractions add to the risk of human error. That risk, however, can be better reduced by the right communication tools and strategies. These include:
  • Collaboration software for check-ins and cybersecurity reviews
  • Project management tools to track workflow and system access
  • Video conferencing tools with multi-factor authentication and encryption potential
Choosing the right tools requires a review of how each platform allows for foolproof security measures. Then, reviewing these measures and how workers can support them will assist in reducing human error.

5. Constantly Stress Cybersecurity
Finally, review and stress cybersecurity concerns with your employees on a regular basis. Mention best practices in all your meetings, and even create metrics and incentive programs aimed at promoting better security.

With all the distractions surrounding remote workers, they need a reason to make cybersecurity a focus of their everyday efforts. Provide helpful tools like VPNs to all your remote workers and ensure they are supported by renewed education regarding best practices.

While human error can never be fully eliminated, these strategies can help you reduce the risk to your own systems. Stress the importance of thinking before you click in all your systems and practices, and choose the right tools to support these efforts. With cybersecurity best practices built into the culture of your remote workforce, you can better keep employees and their data protected.

Wednesday 17 March 2021

Cybercrime to cost over $10 Trillion by 2025

Cyber attacks are a threat to businesses of all sizes and in all industries. With cybercrime rising by 600% during the pandemic, businesses are more vulnerable than ever to the financial and reputational repercussions of cyberattacks. This makes it even more important for businesses and organizations to make cybersecurity a priority.

Costs of Cybercrime
Global cybercrime costs are on the rise, increasing 15 per cent year over year, according to a 2021 cyberwarfare report by CyberSecurity Ventures. By 2025, it is estimated that cybercrime will cost businesses worldwide $10.5 trillion annually.

With the global cost of cybercrime at $3 trillion in 2015, that’s more than a threefold increase over a decade. This represents the “greatest transfer of economic wealth in history,” stated the report.

To put this into perspective, if the total of $6 trillion in cybercrime losses in 2021 were measured as if it were a country, this would be the world’s third-largest economy after the U.S. and China.
The consequences of cybercrime extend beyond financial repercussions. According to the report, businesses may also suffer from:
  • Loss of data
  • Theft of intellectual property
  • Theft of financial or personal information
  • Reputational harm
  • Lost productivity
As cyber-attacks become more frequent and advanced, businesses need to be prepared to respond to incidents.

Ransomware as a Threat
Cybersecurity Venture’s report also highlighted ransomware as a major threat. A ransomware attack occurs when malicious software infects computers and restricts their access to files until a ransom is paid.

It’s estimated that global ransomware damage costs will reach $20 billion in 2021, 57 times the amount in 2015. The report also predicted that a ransomware attack will occur every 11 seconds in 2021, up from every 40 seconds in 2016.
Since the healthcare industry is one of the industries most susceptible to cyber attacks, the FBI is especially concerned with the impact of ransomware on healthcare providers, hospitals, and first responders, as it poses a threat to the safety of American citizens.

Mark Montgomery, executive director of the U.S. Cyberspace Solarium Commission, identifies ransomware as the fastest growing and one of the most damaging types of cybercrime. For this reason, business leaders need to prioritize cybersecurity measures in order to protect their data and their company.

Cybersecurity Best Practices
With increasing cyber threats, especially due to the rise in remote work, businesses need to be as prepared as possible to mitigate the risk of cyberattacks. Here are some cybersecurity best practices that your company should follow to strengthen security and prevent cyber attacks.
  1. Minimize data transfers. In a corporate setting, it’s nearly impossible to prevent the transfer of data between devices. Be mindful of how many devices contain important data and try to make transfers as minimally as possible, especially when it comes to sensitive data.
  2. Verify download sources. Before making any downloads, scan the website you’re downloading from to ensure that it’s verified, and only click on legitimate download links.
  3. Update software regularly. Software developers are continuously updating their applications with the best available security measures, so updating your programs and devices whenever possible is a great way to protect against cyber attacks.
  4. Encrypt where possible. Encryption tools can be used to protect data from outsiders. When encryption isn’t possible, password protection is a great alternative. Be sure to choose complex passwords with a mix of letters, numbers, and characters, and to change your passwords regularly.
  5. Monitor data. Data breach monitoring tools will alert you when there is suspicious activity regarding your data. These tools will help you prevent data theft in real-time.
  6. Have a breach response plan. Breaches can happen to even the most prepared businesses. When they do, having a codified, organization-wide plan can help prevent further damage and speed up recovery efforts.
Rather than waiting to respond to cyber incidents, be proactive by bolstering your security measures to reduce the risks and consequences of cyberattacks. To learn more about cybercrime trends and different types of cyberattacks, check out Embroker’s post on cyber attack statistics for 2021.

Sunday 14 March 2021

Book Review: Born Digital by Robert Wigley

There is a growing generation of adults who have grown up in the digital age, not knowing a life without almost immediate access to a digital connected world. Most adults and children either carry or have access to connected computers, whether they be smartphones, tablets, games consoles, or good old-fashioned PCs, computers have become an essential human tool. Even toddlers seem to have an inherent ability to pick up and use tablet devices to play and learn. While the digital age has brought countless benefits for society, what of the trade-offs in our sleepwalk towards a lifetime dependency on digital technology?

In his book ‘Born Digital’, Bob Wigley shines a light on the darker side of humanity’s relationship with digital technology, pulling out and expanding on the serious issues which are all too often underplayed or brushed aside by a technology distracted and addicted world. Throughout Born Digital Bob cites a series of sobering statistics which brings a reality check in his exploration of the various psychological issues caused by society’s new devotion to digital technology. Indeed, reading Born Digital is a thought-provoking experience, which makes you question whether tech giants, governments, schools, and even yourself as a parent, are doing enough to protect and educate children born into the digital age.  
Born Digital by Robert Wigley is available at Amazon in Hardback, as a Kindle eBook, and as an Audiobook
Born Digital examines the most digital distracted generation of all, ‘Generation Z’, namely anyone born between the late 1990s and early 2010s. Generation Z has grown up psychologically hardwired with digital technology, their smartphones are an extension of themselves, enabling a relentless habit of synchronising their real-world and digital lives with endless social media and digital communications. Generation Z does not regard themselves as a digital addicted and distracted generation, their digital way of life is their normal, so we should not expect them to have epiphany moments of ‘admitting to having a problem’, which is as any alcohol, drug, and gambling addiction counsellor will tell you, is the first and most important step to taper a lifestyle with a harmful dependency. The unhealthy elements of living digital are in plain sight, Born Digital explores the grim reality of harmful effects experienced by Generation Z, such as addiction, anxiety, depression, low self-esteem, stunned empathy development, troubled relationships, fake news, propaganda, and even threats to democracy.

Born Digital is written as a wakeup call to the dangers and the negative outcomes which comes with all our dependency on the digital world, with the book concluding with a call to urgently reset society’s relationship with technology. Tech giants, governments, schools, parents, and each of us must be more informed about the dark side of digital tech, so we can take the necessary steps to better safeguard our society, ourselves, and the next generations from the detrimental side of our relatively newfound digital dependency. 

Firstly, I believe improving education is essential, particularly within schools, and at young ages. We cannot count on parents to educate children about digital dangers, as parents tend not to have little understanding of their children's digital realms. Secondly, there has to be stronger regulation of tech and social media giants, they must be made far more accountable for the digital services they provide, given the profound impact they have, especially on young lives. The ugly truth is social media and big tech companies are highly incentivised to culture addictive habits with their consumers to increase screen time, as more screen time means greater profit through increased advertising revenue. So it is not really in their nature to curtail addictive digital behaviours.

Some help is on the horizon in the UK, with a revolutionary Online Harms Bill, which at present appears to have sufficient teeth to force social media companies to act, by removing and limiting the spread of harmful content, or else face fines of £18m or 10% of their global turnover. If this parliamentary bill is written into UK law as it stands, the potential global turnover linked fine will certainly focus the minds of executives at social media giants like Facebook, TikTok, and Twitter. The bill, which will be regulated by Ofcom, will also require platforms to follow a new code of conduct that covers their responsibilities towards protecting children that are born digital.

Thursday 11 March 2021

HR Strategies to Drive Cybersecurity Culture in the New Normal

The COVID-19 pandemic has forced businesses across all industries to revise their working processes and requirements. From shifting overnight to a remote working model, furloughing staff and operating in a challenging economic climate, many businesses were unprepared for these transitions. However, these changes highlight the important role of Human Resource departments in communicating, supporting and responding to the necessary adjustments and helping employees through the process. 
HR's role in enforcing a strong cyber aware culture in the new normal
As HR departments rethink and reconsider how they foster talent and strengthen their organisations, front and centre to that shift needs to be IT security, underpinned by digital tools and a cyber-aware culture. With a 31% increase in cyberattacks during the height of the pandemic, reinforcing cybersecurity should be at the top of HR’s agenda. Andrea Babbs, UK General Manager, VIPRE SafeSend, discusses what this new way of working means long-term for HR departments and the importance of innovating their cybersecurity approach.

Managing Dispersed Teams
With social distancing measures in place and decentralised workforces, there is extra pressure for HR teams to effectively manage and monitor their employees. As the ‘Bring Your Own Device’ (BYOD) phenomenon creates a security concern due to the lack of consistent security and antivirus software, as well as the heightened pressure of staff feeling the need to work harder, faster and for longer, it’s no surprise that mistakes will be made.

Recent research has found that more than half of businesses believe working from home has made employees more likely to circumvent security protocols, such as using personal devices and failing to change passwords. Inappropriate use of business equipment might also be an issue that could arise, including the circulation of improper imagery or browsing unsuitable websites, which must be managed with caution and appropriate controls, such as blocking access to websites that could drain productivity.

With the combination of untrained employees and creative hackers, the challenges of maintaining security are evident. However, by implementing the correct software and security solutions across all employees’ devices, these risks can be mitigated.

Protecting Employee Data
As well as managing their employees, Human Resource departments have a vital role to play in keeping information safe and secure. HR managers deal with sensitive information on a daily basis, including health records, financial information, redundancies and CVs for potential and existing employees – a gold mine for cyber hackers.

Additionally, the personal information stored within HR must comply with General Data Protection Regulation (GDPR), meaning that if this data was to be stolen or revealed by cyber hackers, the consequences could be devastating. Results from the latest GDPR data breach survey found there was a 19% increase in the number of breach notifications, from 287 to 331 breach notifications per day. And it’s not just SMBs getting it wrong, but also big tech giants like Twitter, which was fined €450,000 after violating GDPR, because it failed to notify the regulator within 72 hours of discovering the breach.

Email is a key communication channel for HR managers to share this personal and sensitive information – which is a risk in itself. The repetitive and familiar nature of email usage means that users can often forget that without the right protocols in place, email can be a window to serious cybersecurity breaches. But, luckily there are digital tools available which offer that critical second check.

Heightened Email Security
Throughout the pandemic, there has been an increase in the number of attacks using COVID-19 and remote working as a lure to vulnerable employees. Also, email addresses of those in HR are typically made publicly available for job applications, which is also an open opportunity for spoofing or malicious attachments, disguised as CVs perhaps, to be sent. For example, phishing emails were previously sent to employees asking them to attend a Zoom call with their HR department regarding the potential termination of their contract.

HR teams can support employees to avoid not only making mistakes but also be wary of potential email attacks, by deploying innovative technology. Digital tools, such as VIPRE’s SafeSend, provide a simple safety check, prompting the user prior to sending an email to confirm it is correct – going to who it should, with the right information. Parameters can also be set to add certain domains to an allow list, or using a DLP add-on to flag sensitive information. Such tools can also help in the event of a phishing attack by highlighting external email addresses which try to look like they have come from someone internally, and most modern email security solutions also include the ability to prevent domain spoofing.

Email encryption can play a critical role in ensuring that sensitive and confidential email is sent both internally and externally securely. The data within the email can be encrypted so that it is not intercepted in transit. Tamper-proof email archiving solutions can also help HR Teams easily find old email communications for use in employee disciplinary procedures or internal enquiries. Being tamper-proof, the communications are locked away, safe from deletion or editing. Even if an employee deletes the offending email from their inbox, it stays in the archive for later retrieval.

SAT Programmes
Despite the creativity and advancements of hackers, the employees themselves are often the number one gateway for cyber attacks, and according to CISOs, human error has been the biggest cybersecurity challenge during the COVID-19 pandemic. It’s even more crucial than ever for Human Resources to reinforce and emphasise the need for a strong cyber aware culture within the workforce, and this can be done through Security Awareness Training programmes.

HR teams are often involved in choosing and implementing the right programme to suit the needs of their workforce. Key considerations here should be around the frequency of training, how engaging the training is for your workforce and the reports available to management to show improvement over time.

With many employees being the middleman between a cyber attacker and a hack, it’s vital that workforces understand their role in keeping business information safe. As well as implementing training for their employees, HR departments should also receive their own continuous training, which focuses on mitigating the legal, financial and reputational risks that come with cyber attacks. Not only will training mean employees are aware of how personal data should be handled, but it will also increase responsibility and accountability.

COVID-19 has not only presented new challenges to Human Resources teams but has also changed the future of the workplace, with many employees now having to adapt to remote or hybrid working. However, among these many transitions, cybersecurity must remain a priority. As threats continue to become more advanced and target those who are vulnerable during challenging times, it is the job of HR to act now and deploy a layered approach to cybersecurity in order to highlight and resolve any weaknesses in the workforce and to keep sensitive data safe. However, above all, in order for this secure infrastructure to be effective, employees must understand their responsibility and value when it comes to cybersecurity by taking a proactive role in keeping business information safe.

Wednesday 3 March 2021

Reasons Why the Security Industry is Protecting the Wrong Thing

Article by Paul German, CEO, Certes Networks 

Why is it that the security industry talks about network security, but data breaches? It’s clear that something needs to change, and according to Paul German, CEO, Certes Networks, the change is simple. For too long now, organisations have been focusing on protecting their network, when in fact they should have been protecting their data. Paul outlines three reasons why the security industry has been protecting the wrong thing and what they can do to secure their data as we move into 2021.

They’re called data breaches, not network breaches, for a reason

Looking back on some of the biggest data breaches the world has ever seen, it’s clear that cyber hackers always seem to be one step ahead of organisations that seemingly have sufficient protection and technology in place. From the Adobe data breach way back in 2013 that resulted in 153 million user records stolen, to the Equifax data breach in 2017 that exposed the data of 147.9 million consumers, the lengthy Marriott International data breach that compromised the data from 500 million customers over four years, to the recent Solarwinds data breach at the end of 2020, over time it’s looked like no organisation is exempt from the devastating consequences of a cyber hack.

When these breaches hit the media headlines, they’re called ‘data breaches’, yet the default approach to data security for all these organisations has been focused on protecting the network - to little effect. In many cases, these data breaches have seen malicious actors infiltrate the organisation’s network, sometimes for long periods of time, and then have their pick of the data that’s left unprotected right in front of them. 

So what’s the rationale behind maintaining this flawed approach to data protection? The fact is that current approaches mean it is simply not possible to implement the level of security that sensitive data demands as it is in transit without compromising network performance. Facing an either/or decision, companies have blindly followed the same old path of attempting to secure the network perimeter and hoping that they won’t suffer the same fate as so many before them.

However, consider separating data security from the network through an encryption-based information assurance overlay. Meaning that organisations can seamlessly ensure that even when malicious actors enter the network, the data will still be unattainable and unreadable, keeping the integrity, authentication and confidentiality of the data intact without impacting the overall performance of the underlying infrastructure.

Regulations and compliance revolve around data

Back in 2018, GDPR caused many headaches for businesses across the world. There are numerous data regulations businesses must adhere to, but GDPR, in particular, highlighted how important it is for organisations to protect their sensitive data. In the case of GDPR, organisations are not fined based on a network breach; in fact, if a cyber hacker was to enter an organisation’s network but not compromise any data, the organisation wouldn’t actually be in breach of the regulation at all.

GDPR, alongside many other regulations such as HIPAA, CCPA, CJIS or PCI-DSS, is concerned with protecting data, whether it’s financial data, healthcare data or law enforcement data. The point is: it all revolves around data, but the way in which data needs to be protected will depend on business intent. With new regulations constantly coming into play and compliance another huge concern for organisations as we continue into 2021, protecting data has never been more important, but by developing an intent-based policy, organisations can ensure their data is being treated and secured in a way that will meet business goals and deliver provable and measurable outcomes, rather than with a one-size-fits-all approach.

Network breaches are inevitable, but data breaches are not

Data has become extremely valuable across all business sectors and the increase in digitisation means that there is now more data available waiting for malicious actors.

From credit card information to highly sensitive data held about law enforcement cases and crime scenes, to data such as passport numbers and social ID numbers in the US, organisations are responsible for keeping this data safe for their customers, but many are falling short of this duty. With the high price tag that data now has, doing everything possible to keep data secure seems like an obvious task for every CISO and IT Manager to prioritise, yet the constant stream of data breaches show this isn’t the case. 

But what can organisations do to keep this data safe? To start with, a change in mindset is needed to truly put data at the forefront of all cyber security decisions and investments. Essential questions a CISO must ask include: Will this solution protect my data as it travels throughout the network? Will this technology enable data to be kept safe, even if hackers are able to infiltrate the network? Will this strategy ensure the business is compliant with regulations regarding data security, and that if a network breach does occur, the business won’t risk facing any fines? The answer to these questions must be yes in order for any CISO to trust that their data is safe and that their IT security policy is effective.

Furthermore, with such a vast volume of data to protect, real-time monitoring of the organisation’s information assurance posture is essential in order to react to an issue, and remediate it, at lightning speed. With real-time, contextual meta-data, any non-compliant traffic flows or policy changes can be quickly detected on a continuous basis to ensure the security posture is not affected, so that even if an inevitable network breach occurs, a data breach does not follow in its wake.

Trusting information assurance

An information assurance approach that removes the misdirected focus on protecting an organisation’s network and instead looks at protecting data, is the only way that the security industry can move away from the damaging data breaches of the past. There really is no reason for these data breaches to continue hitting the media headlines; the technology needed to keep data secure is ready and waiting for the industry to take advantage of. The same way that no one would leave their finest jewellery on display in the kitchen window, or leave their passport out for the postman to see, organisations must safeguard their most valuable asset and protect themselves and their reputation from suffering the same fate as many other organisations that have not protected their data.

Monday 1 March 2021

Cyber Security Roundup for March 2021


A roundup of UK focused Cyber and Information Security News, Blog Posts, Reports and general Threat Intelligence from the previous calendar month, February 2021.

Serious Linux Vulnerability
Last month a newly discovered critical vulnerability in 'sudo', a fundamental program present in all Linux and Unix operating systems caught my eye. The sudo vulnerability aka CVE-2001-3156, seemed to go under the radar after it was announced and patches were released on 26th January 2021. I wrote a blog post about my concerns given Linux is embedded everywhere, yet many of these systems are rarely, and even never updated with security updates. From IoT devices to internet-based services, the security of countless devices and web-based services' are dependant upon a secure Linux account privilege model. While these Linux operating systems remain unpatched to prevent exploitation of the CVE-2021-3156 vulnerability, there are waiting to be hacked.

Npower App Hack
Npower removed its mobile app after an attack exposed "some customers' financial and personal information." The energy firm did not say how many accounts were affected by the breach, which was first reported by Npower said "We identified suspicious cyber-activity affecting the Npower mobile app, where someone has accessed customer accounts using login data stolen from another website. This is known as 'credential stuffing'," the firm said in a statement. We've contacted all affected customers to make them aware of the issue, encouraging them to change their passwords and offering advice on how to prevent unauthorised access to their online account." The Information Commissioner's Office (ICO) confirmed it had been informed.

Total Fitness Ransomware Attack
UK media didn't report UK gym chain Total Fitness had been hit by a ransomware attack. In a statement released by Total Fitness on 5th February, the gym chain said,
"On 26th January, Total Fitness’ threat detection software exposed a cyber-attack affecting our internal systems, processes, and communications. Immediately following the attack, our well-rehearsed recovery and continuity plans were instigated which included the lock down and securing of all Total Fitness information.

Total Fitness is continuing to respond to the ongoing ransomware attack likely to be by international serious and organised cyber-crime groups. The matter is subject to a live criminal investigation.

Our Incident Response Team are informing and collaborating with expert organisations including the National Cyber Security Centre, the North West Regional Organised Crime Unit, the National Crime Agency and the Information Commissioner's Office on what is a complex and sophisticated criminal act."

Total Fitness kindly linked several pieces of UK National Cyber Security Centre (NCSC) business ransomware prevention guidance at the bottom of their statement, seemingly they hadn't followed the last linked guidance, which is a basic business good practice to prevent ransomware attacks.
I became aware of the Total Fitness cyber breach after several of their members contacted me for advice following the receipt of an email by Total Fitness, which said there was "a low risk" their personal information was compromised. 

Total Fitness email
"We’re emailing to let you know that Total Fitness’ IT systems were attacked by a highly sophisticated international organised cyber-crime network.  We believe the risk is low for you and your data. To reassure you immediately, we can confirm that your highly sensitive information such as username, password, and credit card information have not been compromised."

Sero and CD Projekt Ransomware Attacks
While the Bakuk ransomware gang claimed it had infiltrated Serco last year, Serco confirmed a cyberattack on 31st January to Sky News.  A Serco spokesperson said there had been no impact on any of its UK operations, given the attack centred on isolated European systems. The Babuk group claimed to have had access to Serco’s systems for three weeks and to have already exfiltrated a terabyte of data. The cybercriminals made specific references to Serco partners, including Nato and the Belgian Army, and threatened Serco with consequences under the General Data Protection Regulation (GDPR). There was further confirmation that the UK NHS Test and Trace programme was unaffected by the incident.

CD Projekt Red, the developers of the controversial Cyberpunk 2077 game, was hit with a 48-hour ransom demand by the HelloKitty ransomware operation. In a ransom note, the attackers said they had stolen the source code for Cyberpunk 2077 and the Witcher 3 game.  CD Projekt Red announced they would not be paying the ransom,  which led to the attackers auctioning the stolen data on a hacker forum. There have since been claims that full copies of the Cyberpunk game source code have been made available on the dark web. CD Projekt Red later in the month said it was delaying an update to their Cyberpunk game until late March due to the cyberattack.

Kia \ Hyundai Reported Ransomware Attack
According to reports, the DopplePaymer ransomware gang hit both Kia and parent company Hyundai, demanding a $20 million extortion payment. Kia's online services have suffered outages assumingly due to the cyberattack, however, Kia is denying the reports releasing a statement which said We are aware of online speculation that Kia is subject to a ransomware attack. At this time, and based on the best and most current information, we can confirm that we have no evidence that Kia or any Kia data is subject to a ransomware attack”.  Meanwhile, Hyundai America said "Hyundai Motor America is experiencing an IT outage affecting a limited number of customer-facing systems. Those systems are in the process of coming back online. We would like to thank our customers for their continued patience. At this time, we can also confirm that we have no evidence of Hyundai Motor America or its data being subject to a ransomware attack”

Attempted Florida City Water Supply Positioning Cyberattack
Hackers attempted to poison the water supply of the city of Oldsmar in Florida, by remotely infiltrating the water treatment facility's controlling IT system, using it to increase the Sodium Hydroxide (NaOH) levels in the water. The computer systems of a water treatment facility were remotely breached twice on 5th February, through an insecure TeamViewer remote access application. On the last intrusion, the hackers tried to increase the NaOH levels but were foiled as an operator who was watching the attack in real-time. “What it is, is that somebody hacked into the system, not just once but twice, and controlled the system, took control of the mouse, moved it around, opened the programme and changed the levels from 100 to 11,100 parts-per-million with a caustic substance,” said the city sheriff Bob Gualtieri. 

Further to the attack on Oldsmar, Florida’s water facility, CTO of Cymulate Avihai Ben-Yossef warned, "in 2020 we saw a dramatic increase in Nation-State actors attempting attacks on critical infrastructure like power and utility companies.  The number of warnings, and specifically where they originate, insinuate that the level of activity has been elevated. Moreover, we are now witnessing these Nation State actors attempting to gain a foothold into utilities in order to build proactive attack capabilities - and they are trying to manipulate them with deadly consequences.  

The change is partly due to the fact that a few hackers who have gained these attack capabilities are also more inclined to be aggressive - with Iran being the number one proponent. In Israel, Iranian state actors attempted, without success, to attack Israeli water utilities last year. While this isn’t the first effort to manipulate US water supplies, this new attack in Florida is the first time we have seen an attempt with lethal consequences. This is in contrast to the spate of ransomware attacks like those currently victimising Florida hospitals, which points to a different trend where criminal attackers aim to profiteer. "

Nation-Station Solarwinds Attack Update
Microsoft wrapped up its SolarWinds cyberattack investigation by concluding in a blog post that none of its systems was used to attack others thanks to Microsoft's adoption of a 'Zero Trust' model. The Microsoft blog post encouraged all organisations to follow suit in adopting a 'zero trust mindset', stating 'Microsoft points out that organizations should go one step further by adopting it as a mindset – accept that all of the initial lines of defense can fail and that security controls need to be layered across all systems critical to an organization”.

I completely agree with Microsoft on this one, 'Zero Trust' architectures are the future to secure enterprises, taking a "never trust and always verify" approach on all users and devices (inside the network) which connect with the organisation's infrastructure, IT systems, and data.

Stay safe and secure.