Russia top suspect behind UK Electoral Commission hack
British intelligence has linked the Electoral Commission's data breach to Russian involvement.
The Electoral Commission disclosed the "complex cyber attack" by "hostile actors" this week, though the breach started in August 2021 and was detected 14 months later.
The breach accessed voter registers from 2014-2022, including overseas voters, and potentially compromised sensitive emailed information. While the commission stated the breached data presents a low risk to individuals, questions remain about the prolonged undetected presence of hackers. The delay in public disclosure was attributed to ongoing investigations and security upgrades.
According to a report in the Telegraph the breach exhibited ransomware signs, raising fears of possible election interference. The hackers also got into the commission’s email system. It is not known what was accessed but the commission said that any sensitive information emailed in by people - such as bank records - could be compromised.
Tensions between the UK and Russia have been high, especially after Russia's 2022 invasion of Ukraine. Though the cyberattack happened before the invasion, it intensifies these strains. Whilst Russia top the lists of suspects China was named as a close second due to the value the CCP puts on ‘collecting’ data for their strategic interests.
Police Service of Northern Ireland Data Breach highlights insider threat risks
The Police Service of Northern Ireland experienced a data breach that inadvertently exposed the names, roles, and locations of both police and civilian personnel.
The leak transpired after a Freedom of Information request was mistakenly fulfilled with a spreadsheet carrying this sensitive information. From the chief constable to rank-and-file officers and administrative staff, details of all PSNI members were on the document, though private addresses were exempt. An immediate investigation was initiated to understand the oversight.
Making matters worse is that militant dissident republicans said that they had access to the information including the details of 40 Mi5 officers.
The data breach underscores not just the serious potential risks of insider threats but also the dangers posed by accidental insider breaches, emphasising the need for stringent data protection measures.
Largest cyber attack against US hospitals in years causes significant disruption
A massive cyber-attack struck U.S. hospital systems, causing disruptions that closed emergency rooms in several states and rerouted ambulances.
Starting last Thursday, the ransomware attack focused on Prospect Medical Holdings, with facilities across Texas, Connecticut, Rhode Island, and Pennsylvania all being impacted. The company shut down its systems and sought expertise from cyber security specialists.
In a statement Prospect Medical said it is reevaluating its systems, potentially rescheduling appointments and promising to notify affected patients.
Cyber security experts noted the grave repercussions on the already stressed healthcare sector and emphasised the rush to digitise without adequate security measures during the Covid-19 pandemic.
Top of Form
March’s Capita cyber attack to cost firm over £25 million
Capita revealed a financial impact up to £25m as a result of the cyber-attack suffered in March, leading to a near £68m pre-tax loss for the first half of the year.
The attack, orchestrated by the Black Basta ransomware group, hacked Capita's Microsoft Office 365, accessing data of the company's employees and various clients.
Though the company confirmed a data breach, they stated that only 0.1% of its server estate was compromised. Recovery measures have been taken, with affected parties notified. While nearing the end of their investigation, Capita acknowledged learning valuable lessons.
The company, used by local councils, the military, and the NHS, revised its financial damage estimates for the attack from £15m-£20m to £20m-£25m, attributing to data analysis complexities, recovery costs, and cybersecurity enhancements.
Capita's shares dropped 12% following the report, and post-attack, around 90 entities reported data breaches to the UK's Information Commissioner's Office, emphasising the attack's broader implications.
Signs that notorious Ransomware gangs are working together on cyber attacks
Hive ransomware group's former affiliates may be joining other significant dark web entities, leading to speculation of major ransomware gangs collaborating. After law enforcement successfully disabled Hive in a joint FBI-Europol operation, it is theorised that Hive's affiliates might have transitioned to Royal and Black Basta, explaining the similarities of attacks.
Security analysts at Sophos observed connections among three notorious ransomware groups: Royal, Hive, and Black Basta. Cyber-attacks early in 2023 were said to have exhibited notable similarities in their techniques, suggesting potential collaboration or sharing of intricate technical specifics among the groups.
For instance, repeated usage of identical usernames and passwords during their system intrusions was observed. Furthermore, each employed matching techniques like delivering payloads in .7z archives named after their victims, and executing similar commands.
