Cybersecurity News of the Month - October 2022
Welcome to our monthly cybersecurity news round-up.
In this month's round-up, ransomware has been top of the news with several data breaches involving malicious attacks and details released of the cost of ransomware attacks to Hackney council and Interserve.
We also examine the top takeaways from the ‘Global Incident Response Threat Report’ and explore a recent report revealing how almost half of Irish SMEs have been hit by multiple cyber attacks.
As always, be sure to subscribe to our monthly newsletter to receive the latest cybersecurity news and advice straight to your inbox.
Latest Cybersecurity News
Top takeaways from Global Incident Response Threat Report
VMware recently released their annual ‘Global Incident Response Threat Report’ revealing the key cybersecurity trends based on events over the past year.
The report dives into several threat areas including, ransomware attacks, lateral movement attacks, the risks posed by deepfakes, API security systems and Business Email Compromise (BEC).
It is critical for IT professionals to understand and learn from these trends as gaining knowledge from past cybersecurity incidents can enable organisations to better withstand a cybersecurity incident and prevent future attacks.
Microsoft Exchange servers hacked to deploy LockBit ransomware
Microsoft has been investigating reports of two new zero-day flaws which have been used by malicious attackers to hack Microsoft Exchange servers and then used to launch Lockbit ransomware attacks.
CVE-2022-41040 and CVE-2022-41082 are referred to collectively as ProxyNotShell. The flaws result in remote code execution (RCE) similar to ProxyShell but require access to the Outlook Web Access server application in addition to having Exchange PowerShell available.
Despite the bugs being reported in August of this year, the vulnerabilities have yet to be patched.
The company added detection signatures for the vulnerabilities and added them to its IPS N-Platform, NX-Platform and TPS products since October 4th of this year.
No further information has been released regarding the zero-day vulnerabilities.
Several data breach lawsuits settled by Mediahuis Ireland
Mediahuis Ireland, formerly Independent News and Media (INM), have settled several lawsuits involving alleged major data breaches.
Nineteen members of INM took the action over concerns that their privacy and data protection rights were breached during an alleged “interrogation” by an external company in 2014.
Reportedly €2m has been provisioned for the settlement of the lawsuits by Mediahaus, who are anxious to resolve the cases.
Among the cases close to settlement is former chief executive Vincent Crowley and journalist Sam Smyth.
Hackney Council ransomware costs exceed £12m
Hackney Council are still feeling the impact of a ransomware attack which took place 2 years ago.
The Pysa ransomware attack which occurred in October 2020 saw malicious attackers access Hackney Council’s systems by targeting legacy on-premise servers that were not yet migrated into the cloud. This breach saw the local authority spending approximately £12.2m between 2021 and 2022.
The attack caused long-lasting disruptions to public services across Hackney, including benefits claims and housing. In some cases, staff were continuing to work with pen and paper as recently as January 2022.
A Hackney Council spokesperson told a local newspaper, “We are sorry for the impact that this serious criminal attack has had on our residents.
Council staff have done everything possible to minimise impacts and return services to normal as quickly as possible. We are extremely grateful for their tireless efforts and to our residents for their continued patience.”
UK construction company fined over ransomware attack
UK construction company, Interserve, has been fined £4.4 million by the UK's data protection regulator after a ransomware group accessed the sensitive data of 113,000 employees.
The data breach occurred when an employee sent a phishing email to another employee who opened it and downloaded its contents. The contents of the email contained malware which was detected by the company's anti-virus solution but an investigation into the emails did not take place.
According to the Information Commissioner’s Office (ICO), the company “failed to thoroughly investigate the suspicious activity. If they had done so, Interserve would have found that the attacker still had access to the company’s systems”.
In total, the malicious attackers compromised 283 systems and 16 accounts, uninstalled the anti-virus and encrypted the personal data of up to 113,000 current and former employees.
Interserve was deemed by the ICO to have breached data protection laws by failing to put the appropriate technical and organisational measures in place to prevent any unauthorised access to people's sensitive information.
This is the second fine issued by the UK's data protection authority regarding an organisation falling short of its data protection duties in connection with a ransomware attack. Previously, a law firm was issued a fine of £98,000 when hackers accessed 24,000 court bundles containing medical files and witness statements.
Latest Data Breaches
- The DPC is examining a data breach at dairy processor Tirlán, concerning the private data of farmers being sent to incorrect recipients.
- Personal email addresses of prospective students exposed in UL data breach.
- University Hospital Limerick writes to 630 patients after an alleged data breach.
- German newspaper halts circulation after a ransomware attack crippled its printing systems.
- Shein's data breach resulted in a $1.9m fine for the parent company.
Hot Topic of the Month
Almost half of Irish SMEs hit by multiple cyber attacks
Almost half of Irish small and medium businesses have experienced multiple cyber attacks in the last three years, according to a new study.
The survey of 250 business owners showed that of those that reported a cyber breach, 43% said they had experienced up to five attacks in the last three years.
Some 60% of SMEs said they felt unprepared for an attack, while 34% said they had reduced their spending on cybersecurity.
"Our research shows that for small and medium businesses to stay resilient and insulated from risk, security needs to be front and foremost in their strategic plans," said Sinéad Bryan, Managing Director of Vodafone Ireland Business.
The study showed that digitalisation during the pandemic helped drive revenues at small and medium businesses but that the rate of digitalisation has now started to decrease.
"As the cornerstone of Ireland's economy and a core driver of post-pandemic economic recovery, it is of the utmost importance that small and medium businesses maintain a position of digital perseverance," said Anne Sheehan, General Manager of Microsoft Ireland.
How our experts can help
Identifying cybersecurity vulnerabilities without the input of an expert can be a difficult task.
At Secora Consulting, our experts provide a range of services that can help you to assess the security of your organisation. Our cybersecurity assessment focuses on gaining an insight into weaknesses in your organisation's current security posture which may make you vulnerable to the most common cyber-attacks.
Our baseline assessments focus on quickly bringing your systems in line with best practices by identifying missing patches and known issues in your systems. If you are interested in a more in-depth assessment of your infrastructure, ask us about our penetration testing services, where we will identify and exploit vulnerabilities in your network, showing just how far an attacker could get.
Get in touch with us today to discuss your specific requirements.
All of Secora Consulting's assessments are tailored to our client's needs.
Using our experience, we can help you determine which services are right for you.