
February 2024, cybersecurity round-up

Written by Chloe Schofield | Feb 29, 2024 12:02:53 PM

In our second security round-up of the year, schools and universities are hitting the headlines and managing the fallout from targeted cyberattacks. Let's start with a secondary school, Framwellgate.

County Durham school lost 40GB of sensitive data

As confirmed this month by the Police and Crime Commissioner (PCC), Framwellgate School in County Durham lost 40GB of sensitive data due to a cyberattack last September.

Cybercriminals had infiltrated the school's network for an extended period before the school was sent evidence of the stolen data and held to ransom via email.

Thanks to funding from the PCC, a collaborative effort involving cyber security experts secured the school's network swiftly and restored its services. Commissioner Joy Allen commented on the support provided to the school, highlighting the partnership with the North-East Business Resilience Centre (NEBRC) aimed at safeguarding businesses from online fraud.

Through vulnerability assessments and collaboration with local digital firms, NEBRC identified and rectified weaknesses in the school's infrastructure, enhancing its security measures. Commissioner Allen's recent visit to the school underscored the importance of such initiatives in fortifying against future cyber threats, emphasising the necessity for proactive measures in an increasingly sophisticated digital landscape.

Southern Water apologises to customers

Last month, Southern Water confirmed it had been affected by a cybersecurity breach. The utility company apologised to numerous customers this month following the breach on 22nd January 2024. The criminal organisation, Black Basta, claimed to have obtained data from Southern Water, which included personal information such as national insurance numbers, dates of birth, and banking details. Southern Water has since sent out a letter to affected customers.

Despite prior detection of suspicious activities, the extent of the breach remains uncertain and is estimated to have impacted around 5-10% of customers. Working with the National Cyber Security Centre (NCSC), Southern Water initiated an investigation. While water supplies remained unaffected, the company has prioritised reaching out to affected customers and offered complimentary Experian Identity Plus membership for twelve months to monitor potential fraud.

Southern Water emphasised its commitment to data protection and compliance with regulatory obligations, reassuring customers of ongoing monitoring efforts. The Information Commissioner's Office (ICO) has confirmed receipt of the incident report and launched its investigation into the breach.

UK universities hit by a malicious cyberattack

Cambridge University is among a number of universities that were hit by a malicious cyberattack on Monday, 19th February. Staff and students' internet access was affected, and several systems were compromised.

An email sent to university staff explained that the university was the target of a DDoS (Distributed Denial-of-Service) attack. Traffic into the university was being deliberately pushed to overwhelming levels, overloading the perimeter firewalls with requests and restricting their ability to let genuine traffic through. Within 24 hours, a Cambridge University spokesperson stated that issues had been resolved and regular service had been restored for centrally managed IT services.

As mentioned, Cambridge was just one of the universities affected. The University of Manchester was also a victim, with responsibility claimed by a group of hackers named Anonymous Sudan. The group has stated that the attack and disruption are a response to the UK's continued support of Israel in the Gaza conflict, and that these universities, in particular, were targeted due to their size.

University of Wolverhampton – widespread IT system disruptions

This month, the University of Wolverhampton also disclosed a "cyber security incident" that caused widespread IT system disruptions across all campuses. The incident prompted thousands of staff and students to switch to remote work on Tuesday, 20th February, and despite swift response efforts to contain and minimise the impact, disruptions have persisted.

The incident coincided with the cyberattacks at the University of Cambridge and the University of Manchester, and a cyber correspondent at the BBC has suggested a potential link. However, direct confirmation has yet to be made. The university, which identified the incident internally as a cyberattack, confirmed the breach and is working with external IT security experts.

The university implemented temporary measures to facilitate remote learning while addressing the issue. Students from Wolverhampton, Walsall, and Telford campuses have expressed frustration over the disruption, which has forced some to relocate for access to online resources. The university assured ongoing investigations, acknowledged the situation's complexity, and committed to providing timely updates for stakeholders.

Tackling LockBit

There will always be cyberattacks and threats hitting the news, but there are also stories highlighting the work taking place to combat cybercrime gangs.

In an international collaboration led by Britain’s National Crime Agency (NCA), the FBI, Europol, and a combination of global law enforcement agencies, the infamous cybercrime gang LockBit, known for extorting victims by holding their data hostage, has been disrupted.

The NCA has confirmed its ongoing operation against LockBit. This group has targeted some of the world's largest organisations, coercing them into paying hefty ransoms under threat of data exposure. LockBit’s business-like approach to cybercrime has made it a dominant force in the ransomware market.

The gang’s extortion website is now under the control of the NCA, and a spokesperson for the NCA has confirmed that the agency has disrupted the gang and that the operation is ongoing. This marks a significant blow to cybercriminal operations and reflects the collective efforts of international law enforcement in combating the escalating threat of ransomware attacks.

LockBit were responsible for causing significant disruption to Royal Mail back in 2023, and officials in the US have stated that the organisation has hit over 1700 organisations in almost every industry, describing them as the world's top ransomware threat.

The Guardian shared a comment from Don Smith, Vice President of SecureWorks, on the significance of this takedown.

"To put today's takedown into context, based on leaked site data, LockBit had a 25% share of the ransomware market. Their nearest rival was BlackCat, at around 8.5%, and it starts to fragment after that. LockBit dwarfed all other groups, and today's action is highly significant."

Combined efforts and collaboration are vital to tackling cybercrime, and this is an excellent example of what it can achieve. As always, we will keep you informed on the latest cyberattacks in our monthly round-ups.
