The LockBit ransomware group has exposed potentially sensitive British military and intelligence data. The affected company, Wolverhampton-based fencing systems manufacturer, Zaun, confirmed the cyber-attack took place on August 5-6. The breach was traced back to an old Windows 7 PC. Though the company believed no data was initially transferred, they later discovered 10 GB of data had been downloaded. The contents possibly included emails, order details, drawings, and project files.
LockBit took responsibility on August 13, setting a ransom deadline of August 29. When Zaun didn't pay, some data was published online. Contrary to Zaun's belief that no sensitive data was compromised, The Daily Mirror reported the exposed data could assist unauthorized access to various British military and intelligence locations.
Zaun argued that any compromised data wouldn’t offer more insights than what’s already publicly available. The West Midlands Regional Cyber Crime Unit has initiated an investigation into the breach.
Prominent UK figures, including Labour MP Kevan Jones and Tory MP Tobias Ellwood, expressed serious concerns over national security implications. Ellwood emphasized the evolving nature of threats in the digital age.
Zaun has reached out to the National Cyber Security Centre (NCSC) and the ICO regarding the issue.
A new report has revealed Nearly half of Switzerland's large businesses have been a victim of cyber attacks. The study, conducted by Deloitte and Lucerne University of Applied Sciences, revealed 45% of companies with over 250 employees experienced a cyber attack. In contrast, only 18% of businesses with fewer than 50 employees reported similar incidents. The data suggests that larger companies are more attractive targets for cybercriminals due to their global presence. However, smaller businesses might not report all attacks to their boards.
Florian Schutz, responsible for Switzerland's national cyber protection, noted that many small-to-medium enterprises (SMEs) don't have the resources for robust cyber security measures. The study also highlighted companies' lack of preparation; only 57% have a clear cyber security strategy. Cyber attacks lead to business disruptions, with 42% affected, and also target customers, with 11% reporting subsequent customer attacks. Recovering from such attacks can be costly and damaging beyond just the impacted company.
Over the weekend, the German financial market regulator, BaFin, was hit by a Distributed Denial of Service (DDoS) attack that caused its website to become inaccessible for several days. The institution, however, assures that its other systems were unaffected.
On Monday, BaFin officially announced via its X channel (previously Twitter) that it had been targeted by a DDoS attack. As a countermeasure, the regulator temporarily blocked access to its website and introduced additional security protocols. A statement translated from German on their social media post reassured that all other systems were operating without interruptions. Attempts to access the BaFin website displayed an "unreachable" message.
The Electoral Commission failed to pass a basic cyber-security test during the period when hackers infiltrated their system, according to a whistleblower who spoke to the BBC. Last month, the Commission disclosed that "hostile actors" penetrated its email system, potentially accessing data of 40 million voters. The Commission's spokeswoman confirmed that the organisation had not yet cleared the basic cyber-security test.
In 2021, hackers accessed the Commission's systems, potentially viewing 40 million registered voters' details. The identity of the hackers and their method of breaching the system remains undisclosed. However, during the hacking period, a Cyber Essentials audit deemed the Commission non-compliant with its standards. The government-supported Cyber Essentials scheme promotes best practices in cyber-security. While certification is voluntary, it's a critical requirement for suppliers handling specific sensitive information.
The Commission's 2021 certification failure was attributed to several reasons, including outdated software on staff laptops and the use of older iPhones that no longer received security updates. Daniel Card, a cyber-security consultant, noted that it remains uncertain if these lapses facilitated the hack but highlighted the Commission's overall weak security posture.
The UK's Information Commissioner's Office is now urgently investigating the cyber-attack. The Electoral Commission emphasized its ongoing efforts to bolster cyber-security, drawing on the expertise of the NCSC.
Several Czech banks and the Prague Stock Exchange fell victim to cyberattacks last Wednesday and Thursday. Banks such as Komerční banka, Česká spořitelna, ČSOB, Air Bank, and Fio banka faced issues, as reported by the Czech News Agency. These institutions confirmed the cyber incidents, assuring that while there were temporary disruptions in services, the finances of their clients remained secure. Specifically, Česká spořitelna experienced DDoS attacks, which overload servers without harming the underlying systems or data. Raiffeisenbank and Moneta Money Bank also reported similar attacks, resulting in website and mobile banking outages. Meanwhile, the Prague Stock Exchange's website continued to experience problems after the attack. The Russian hacktivist group NoName057(16) took responsibility for the cyberattacks on Thursday, demanding the institutions cease their support for Ukraine.
If you are worried about any of the threats outlined in this bulletin or need help in determining what steps you should take to protect yourself from the most material threats facing your organisation, please contact your account manager, or alternatively Get in touch to find out how you can protect your organisation.
The Threat Intel Roundup was prepared by Integrity360 summarising threat news as we observe it, current at the date of publishing. It should not be considered to be legal, consulting or any other professional advice. Any recommendations should be considered in the context of your own organisation. Integrity360 does not take any political stance in the information that we share. Moreover, the opinions expressed may not necessarily be the views of Integrity360.
If you’d like more detailed threat intelligence news, Integrity360 offers this as part of our security monitoring managed services.
We also offer a tailored threat intelligence monitoring service for your organisation that actively monitors for threat actors and campaigns of direct relevance to your organisation, brand damage, copycat & spoofed domains, credential leakage and dark web monitoring.
Join us in Dublin or London for the Security First 2022 conference. We'll be bringing together industry professionals and specialist experts to discuss the latest cyber security trends and offer actionable advice on preparing your business to put security first in 2022.