In the penultimate security round-up of 2023, there’s plenty to share. Let’s start with Gloucester City Council who are experiencing the long-term impacts of a cyberattack.
Gloucester City Council reprimanded
The impact of a cyberattack can go on for months, even years. This is precisely the case for Gloucester City Council. Back in December 2021, the council discovered their networks and servers were encrypted with ransomware. The attack came via email and contained a link to malicious software, and the software had been created to gain access to the councils’ network.
Over 240,000 files were transferred to a file-sharing site in New Zealand, the breach disrupted housing benefit claims, council tax payments, leisure centre bookings, and COVID-related services.
Since the incident, investigations have taken place, the council has spent £1 million on fixing the attack and this month it has now come to light that they’ve been reprimanded by the data protection regulator.
The reprimand comes after the Information Commissioner’s Office (ICO) found the council didn’t have the correct monitoring systems in place at the time of the attack and had no central logging system that could have helped detect the attack and prevented it from spreading.
Property transactions put on hold
Legal sector specialist infrastructure service provider CTS has confirmed a cyber incident caused a severe service outage. The impact of the outage has affected some of the services they provide their clients including up to two hundred law firms. The result has been conveyancing companies being prevented from accessing the necessary systems to advance with property transactions.
Many of the UK-based law firms have released statements to inform their customers that they’re experiencing service difficulties due to a technical outage. The incident puts the progression of many exchanges and completions on hold.
CTS is investigating the incident and is confident services can be restored but are unable to say when. The concern of the incident is the personal damage this could cause to individuals impacted and the dangers of supply chains being increasingly interconnected.
Personal data stolen from the British Library
Personal data stolen in a cyberattack on the British Library has shown up for sale online. Rhysida, a known ransomware group has claimed responsibility for the attack and has stated that the data stolen was “exclusive, unique, and impressive” asking for a starting bid of 20 bitcoins (around £596,000).
Images posted online seem to show employment contracts and passport information.
The library has not confirmed Rhysida as the culprit of the attack but has stated they’re aware that some data has been leaked and appears to relate to HR information.
The library’s services are likely to be disrupted for months after the significant attack. The institution has advised users to change logins and shared they have put in protective measures to ensure the integrity of their system whilst they investigate with the NCSC, police, and cybersecurity specialists.
The attack took place on the 31st of October, the library’s website has remained shut since this date with online services and systems being affected. It’s hoped many services will be restored in the coming weeks.
General Electric data theft
American, multinational company General Electric is currently investigating claims of a threat actor breaching the organisation's development environment. The alleged attack is said to have taken place earlier in November by threat actor, IntelBroker.
IntelBroker has attempted to sell General Electric’s development and software pipelines on a hacking forum. To prove the breach took place, the threat actor has shared screenshots of the claimed stolen data.
Although yet to be confirmed by General Electric, IntelBroker is known for successful high-profile attacks.
Google DDoS attack
Google recently confirmed that their DDoS Response Team blocked the largest DDoS attack they’ve ever recorded in August of this year.
The attack was seven and a half times larger than what they’d previously stopped with the peak of the attack reaching 398 million requests per second and relied on a HTTP/2 “Rapid Reset” technique.
In comparison, their largest attack last year peaked at 46 million requests per second. The attacks which began in August have continued since then, targeting Google services, cloud infrastructure, and Google customers.
Through investigation and analysis, Google was able to develop a set of mitigations and update their proxies and denial-of-service defence systems to protect against this ‘Rapid Reset’ technique.
Even though this is the largest DDoS attack they’ve seen, Google has said their global load-balancing and DDoS mitigation infrastructure has helped keep services running.
Final thoughts
As always, we will continue to keep you up to date with the latest cyberattacks and threats. If you would like to discuss your cybersecurity needs, get in touch with the Brigantia team.