Capita cyber attack fallout continues as 90 organisations report data breaches to watchdog
The fallout from the Capita cyber attack continues as the UK-based outsourcing company was reported by 90 companies for personal data breaches to the Information Commissioner's Office (ICO). The cyber-attack in March (now confirmed as a ransomware attack) hit the headlines but worse was to come as it was later revealed that Capita had left a considerable volume of data unprotected online.
Warnings about potential exposure are currently being issued to hundreds of thousands of individuals. Capita assured that remedial actions are underway to secure the data, but the scale of the breach is immense, impacting numerous public and private organisations that rely on Capita's services. This includes a myriad of corporate pension schemes and local authorities.
Despite concerns from local councils about possible personal data exposure, Capita originally downplayed the risk. Nonetheless, the ICO is urging all organisations to assess the potential impact on their data.
One example of the far-reaching effects is the Universities Superannuation Scheme (USS) pension fund, which is currently informing its 500,000 members that their personal data might be at risk. The breach possibly includes personal details such as names, dates of birth, National Insurance numbers, and retirement dates.
US city of Augusta held hostage by BlackByte ransomware gang
The ransomware group, BlackByte, has claimed accountability for a cyber attack on the US city of Augusta, Georgia, revealing 10GB of sample data and stating they have more to offer. The group warned, "We have a wealth of sensitive data," in a screenshot shared by threat analysts. BlackByte threatened that much more data would soon be freely available to all.
The group also posted on a hacker forum about having additional data for sale. Augusta authorities confirmed encountering technical issues from May 21 due to unauthorised system access.
Analysis of the released 10GB sample revealed it contained payroll information, contact details, personally identifiable information (PII), addresses, contacts, and city budget allocation data, however, the origin and authenticity of the leaked data could not be confirmed.
BlackByte, a Russia-based ransomware group, has been targeting businesses globally since July 2021, using double extortion to coerce payments from victims. Both the FBI and US Secret Service have previously issued warnings about the group. The ransom demanded for data deletion is $400,000, but BlackByte is willing to sell the data to third parties for $300,000.
60% spike in attempted cyberattacks on Irish hospitals and healthcare settings
Irish hospitals and healthcare environments are experiencing a surge in cyberattacks, with a 60% increase over the past eight weeks. The rise poses grave threats to patient care and data security.
This surge comes two years after a significant ransomware attack on the Health Service Executive (HSE), which led to significant disruption and illicit access and duplication of information stored on computer systems. The HSE estimated the immediate cost of the cyberattack at around €100m, with long-term costs possibly reaching €500m.
According to a report from the Comptroller and Auditor General (C&AG) last September, the HSE needs to spend almost €657m over seven years to improve cybersecurity in the aftermath of the breach.
The healthcare sector is a prime target for cybercriminals due to the vast amounts of sensitive patient data stored and the critical nature of health services, which can increase the likelihood of paying ransoms to restore operations swiftly.
Anonymous Sudan demands $3 million from Scandinavian Airlines
Anonymous Sudan", a hacker group, has surprised Scandinavian Airlines (SAS) by demanding a hefty $3 million to cease the distributed denial-of-service attacks (DDoS) that have been targeting the airline's online platforms since February. Originally claiming political motivations, the group now appears to be adopting extortion tactics for financial gain.
The group shared a ransom note via its Telegram channel, suggesting that SAS services have been immobilised for over five days. They warned that the company risks further alienating its already disgruntled clientele if no action is taken. Despite these claims, the company's website is functioning.
SAS has acknowledged the website issue in response to customer complaints on Facebook and promised a swift resolution. However, SAS has remained silent regarding inquiries from The Record.
Simultaneously, Anonymous Sudan has been escalating their demands, increasing from a modest $3,500 to an eye-watering $3 million.
The threat posed by hacktivist groups to businesses is significant, especially given their ability to leverage both political and financial motivations. With the skills to launch destructive cyber-attacks, they can disrupt business operations, compromise sensitive data, and inflict severe reputational damage, ultimately leading to significant financial losses. Anonymous Sudan's actions against SAS perfectly illustrate these threats.
GCHQ issues new warning over Chinese state-sponsored hackers
The UK's National Cyber Security Centre (NCSC), a division of GCHQ, has advised operators of critical national infrastructure, including energy and telecom networks, to protect their systems from potential Chinese state-backed hackers. This warning follows the revelation that a Chinese hacking group, Volt Typhoon, targeted a US military outpost in the Pacific.
The Five Eyes intelligence alliance—consisting of the US, the UK, Australia, Canada, and New Zealand—issued a collective notice about the Volt Typhoon threat and provided guidance on its mitigation. Microsoft noted that the group, active since mid-2021, had targeted telecom infrastructure in Guam and various organisations across sectors in the US.
Paul Chichester, NCSC's Director of Operations, emphasised the importance of preventive measures against attackers infiltrating their systems and urged providers of vital UK services to adhere to the provided guidance.
One of Volt Typhoon's principal tactics involved exploiting their target's existing IT infrastructure, leaving detectable traces within the system.
