In the first half of 2023, cybercrime has impacted organisations of all sizes and sectors.
State-sponsored or state-affiliated groups pose a significant threat to national security and individual privacy. This month, it is believed that a Russian-linked group targeted prominent organisations such as British Airways (BA), Boots, and the BBC.
According to reports, hackers gained unauthorised access to a third-party provider used by the three companies to store employee personal information. Names, addresses, and national insurance numbers were among the stolen data, raising concerns about identity theft and other malicious activity.
The National Cyber Security Centre (NCSC) is said to be investigating the incident, while the three companies are taking precautions to mitigate damage.
Another recent victim is the European Investment Bank (EIB). The EIB is the European Union's lending arm. With over 3,000 employees and a balance sheet of more than 500 billion euros, it is critical to economic growth.
The recent attack has been described as a "cybersecurity incident" that affected the bank's website and email services, forcing them to be temporarily shut down. The EIB has not provided specifics, but it is believed that the attackers gained access to sensitive information.
The EIB has launched an investigation into the incident and notified the appropriate authorities and stakeholders. According to reports, the bank is working not only to restore the affected systems, but also to strengthen its cybersecurity measures to prevent future attacks.
This attack comes just days after Russian-speaking hackers warned of their intention to target Western financial institutions perceived to support Ukraine.
PwC and EY, two major professional services firms, were hit by a cyberattack that targeted the MoveIT secure file transfer system. Hackers gained unauthorised access to data stored in the system as a result of the attack.
Organisations rely heavily on the MoveIT platform for secure file transfer and management. According to reports, a threat actor exploited a vulnerability in the software, compromising user credentials and gaining unauthorised access to PwC and EY's data.
The two companies have launched investigations and notified affected customers, but the full scope of the data breach and what information was accessed are still unknown.
As the month comes to a close, leading Chinese surveillance camera manufacturers Hikvision and Dahua have been questioned by the BBC about the security of their cameras.
Current affairs programme, Panorama, discovered significant security flaws in the cameras of the two manufacturers as part of a series of experiments. As more businesses migrate to IP (internet protocol) security systems, Hikvision and Dahua cameras are among the most widely used in the UK. IP CCTV is more modern and convenient, but its own security is critical because it is connected to your network.
The BBC article discussed concerns about surveillance technology and its potential use as a trojan horse to disrupt computer networks. Where these technologies are used by government agencies and critical infrastructure sites, successful hacks have the potential to cause civil unrest.
Two separate experiments showed how quickly hackers could gain control of Hikvision and Dahua cameras. A BBC hacker was able to take control of a Hikvision camera inside Broadcasting House and clearly see employees working on laptops in the studio. The audio of a Dahua camera was also hacked, allowing eavesdropping in the room where it was located.
Hikvision and Dahua have both spoken out against the BBC. Hikvision stated that it is an independent company that imposes strict security requirements on its products and poses no threat to the national security of the United Kingdom. Meanwhile, Dahua claimed that when flaws were discovered, an investigation was immediately launched, and that they have since been fixed with firmware updates.
Hikvision and Dahua are the leading suppliers of surveillance cameras in the UK, with Hikvision being used by 227 councils and 15 police forces, and Dahua being used by 35 councils. Any flaws in these technologies are cause for concern.
According to reports, cyberattacks increased by 7% globally in the first quarter of 2023. Recent research from Check Point reveals that organisations across many industries have experienced a significant increase in cyber threats during this time.
This increase serves as a stark reminder that the cyber threat landscape is constantly changing, and that staying vigilant is critical to protecting your digital assets.