Business Continuity & Cyber Security Incident Log w/e 14/07/2017

Business Continuity Incident

British Gas Customers Targeted in Phishing Scam

The email asks the recipient to follow the links to update their data, warning that their details are out of date.

Although targeted at British Gas customers, the email has been sent out to people who are not even customers of the energy and home services provider.

The message reads: “In British Gas we take our customer’s security very seriously, we have strict security meausres to protect your person (sic) information.

“This includes following our security procedures (like checking your identity timely ), encrypting all the data on our websites and confirm the validity for your registered details”. (sic)

It then asks the recipients to follow a link that will allow them to update their details.

The email was flagged on social media to the company, which confirmed it would investigate.

The links in the emails likely contain Emotet, a type of malware that could steal bank account details by intercepting traffic.

Ireland’s Electricity Supply Board Targeted in Phishing Attack

Hackers have targeted Irish energy networks amid warnings over the potential impact of intensifying cyber attacks on crucial infrastructure.

Senior engineers at the Electricity Supply Board (ESB), which supplies both Northern Ireland and the Republic, were sent personalised emails containing malicious software by a group linked to Russia’s GRU intelligence agency, The Times reported.

Analysts told the newspaper the cyber attack was intended to infiltrate control systems, giving hackers the power to take out part of the electricity grid with tactics similar to those that have caused mass outages in Ukraine.

Ireland’s National Cyber Security Centre is investigating the attempt, which did not cause disruption to the network but may have allowed hackers to steal passwords and other information.

Oz Alashe, a former special forces Lieutenant Colonel and chief executive officer of cyber security platform CybSafe, characterised the attempt as a “spear phishing” attack.

Like regular phishing attacks, it involves the use of emails to elicit information or make the user click on a link to trigger malicious software, but utilises personal information on targets to heighten the chances of success.

Mr Alashe told The Independent there has been an increase in reported attacks on crucial national infrastructure around the world.

“Attribution is exceptionally hard to do but a large proportion of these attacks are believed to be state sponsored,” he added.

The analyst said that some countries are known to “outsource” the task to criminal groups, who may also sell on information for profit.

The attack in Ireland was revealed after American officials said Russian government-backed hackers were behind recent cyber attacks on US nuclear power stations.

The FBI and Department of Homeland Security sent a joint alert to the energy sector in June warning that “advanced, persistent threat actors” were stealing network log-in and password information to access company networks.

In similar tactics to those seen in Ireland, officials said hackers had been sending tainted “phishing” emails containing malicious attachments to compromise their targets.

Ashley Madison Agrees to $11 million Settlement Following Data Breach

The owner of the Ashley Madison adultery website said on Friday it will pay $11.2 million to settle U.S. litigation brought on behalf of roughly 37 million users whose personal details were exposed in a July 2015 data breach.

Ruby Corp, formerly known as Avid Life Media Inc, denied wrongdoing in agreeing to the preliminary class-action settlement, which requires approval by a federal judge in St. Louis.

Ashley Madison marketed itself as a means to help people, primarily men, cheat on their spouses, and was known for its slogan “Life is short. Have an affair.”

But the breach cost privately held Ruby more than a quarter of its revenue, and prompted the Toronto-based company to spend millions of dollars to improve security and user privacy.


HazMat Fire Forces Evacuation of Homes & Businesses

Specialist crews attended due to hazardous materials at the Wyman Gordon complex in Livingston’s Houstoun Industrial Estate.

Reports on social media suggested businesses in the area had been evacuated due to a “risk of explosion” during the incident around 2.15pm on Friday.

A local indoor five-a-side football firm was also evacuated and told customers they would be closed for the remainder of the evening due to the blaze, which broke out at the Caledonian Alloys building in the complex.

One eyewitness worker said: “The smoke moved rapidly and all were moved back from area quickly and gradually further away from area to the point of being outwith Houstoun Road where road was closed.”

Response: The blaze caused large plumes of smoke.

The Wyman Gordon factory creates products for the aerospace and energy markets.

Police Scotland said: “We’re currently supporting the Scottish Fire and Rescue Service in responding to a fire at a warehouse in Houstoun Industrial Estate, Livingston, after being called at 2.32pm on Friday.

“Specialist chemical support units are also in attendance and crews wearing breathing apparatus are using high powered hoses to tackle the flames.

“A number of nearby premises have been evacuated and road closures are in place.

“The public are asked to avoid the area and local residents are advised to keep their windows closed.”


BUPA Hit by Data Breach

Bupa has admitted to a massive data breach after customer information was copied and deleted in a violation of rules.

The security incident occurred after an employee copied and deleted the details of 108,000 customers with international health plans. The tampered-with data included names, dates of birth, nationalities and some contact details.

The company said no medical or financial data was lost and that it is alerting customers whose information had been affected.

It warned customers that their “policy information has been inappropriately copied and removed” and that they should be suspicious of fraudsters who might try and use the details for financial gain.

“We know that this will be concerning and I would like to personally apologise,” the letter said. “Protecting the information we hold about you is our absolute priority and I am sorry that this has happened. We are taking this seriously and taking steps to address the situation.”

Bupa assured customers it hadn’t suffered from a cyber attack and said a rogue employee was to blame.

“This was not a cyber attack or external data breach, but a deliberate act by an employee,” the company said.

Bupa has fired the employee responsible for the problem. It said it is investigating the issue and has introduced additional security measures in the meantime.

“A thorough investigation is under way and we have informed the Financial Conduct Authority and Bupa’s other UK regulators,” said Sheldon Kenton, managing director of Bupa. “The employee responsible has been dismissed and we are taking appropriate legal action.”