Resources

September security round-up

Written by Chloe Schofield | Sep 29, 2023 11:47:09 AM

September's round-up is here, and as expected, there have been attacks of all sizes in recent weeks. Let's start with one that happened close to home.

Charities attacked

It was recently reported in the news that hundreds of thousands of people who donated to well-known charities had their personal information stolen.

Hackers gained access to a survey company that works with over forty charities, gaining access to surnames, home addresses, emails, and the amount donated by individuals.

The RSPCA, Dogs Trust, Battersea Dog and Cats Home, Shelter, and Friends of the Earth are among the charities affected. Although no financial information was obtained, the risk now is that fraudulent emails could be sent to the obtained email addresses.

Some of the charities have been linked to high-profile individuals. Sir Elton John supports Battersea Dog and Cats Home, Alan Carr supports the Dogs Trust, and Sir Brian May supports the RSPCA. The total number of people affected is unknown, but some charities have notified their supporters via email about the attack.

The impact of the attack on people's trust and willingness to donate is a major concern for charities right now.

Russian hackers

Russian hackers allegedly obtained top secret security information from some of the UK's most sensitive military sites, including the HMNB Clyde nuclear submarine base on Scotland's west coast.

The alleged breach raises serious concerns about the potential consequences. The group behind the attack, which has been linked to Russian nationals, has been identified as LockBit.

Thousands of pages of data have reportedly appeared on the dark web. This significant attack has raised concerns about third-party suppliers holding data on the UK's military infrastructure, how it is regulated, and the risks it poses.

Currently, the UK government has refused to comment on the event's security concerns, stating, "We do not comment on security matters."

Casino giants held to ransom

Moving across the Atlantic, casino titans MGM Resorts International and Caesars Entertainment have been targeted by the hacking group ALPHV with a financially motivated ransomware attack.

It's unclear how much was demanded of the affected organisations, but the repercussions are already being felt, with both companies losing market value.

According to reports, the attack caused issues such as slot machine and online booking system outages, reservation cancellations, and guests being unable to check in, make card payments, or log in to MGM accounts.

Investigations with external cybersecurity experts are underway, and it has not yet been determined what data was stolen in this incident.

MGM has been the victim of an attack for the second time in the last few years. In 2019, cloud services were compromised, resulting in the theft of 10 million customer records, including names, addresses, and passport numbers.

Sony systems hacked

Newly formed cybercrime group Ransomed.vc is said to have attacked the multinational corporation Sony, best known for its gaming console PlayStation.

Sony has not yet provided any additional information, but an Australian cybersecurity publication, Connect, reported that Sony was the victim of a sophisticated attack, with the criminal group itself issuing warnings about the breach.

Ransomed.vc's claims are difficult to dismiss. The group claims to have hacked all of Sony's systems and will sell the data rather than demand a ransom.

Increase in cyberattacks

As we near the end of this month's round-up, we'd like to highlight recent information obtained through reports to the Information Commissioner's Office.

It was reported that attacks on UK financial service firms increased threefold from June 2022 to June 2023, rising from 187 in 2022 to 640 in 2023.

Pensions have seen the greatest increase, with a large jump from 6 to 246 reported cases.

Financial service firms hold valuable and sensitive data, and they have strong cyber defences in place, so these recent statistics serve as a stark reminder that complacency is not an option, and the financial sector is a prime target.

So, what's the answer? When it comes to highly sensitive data, constant monitoring and timely updates across the entire supply chain are critical.

If you'd like to discuss your cyber security needs, please contact the Brigantia team.