Business Continuity & Cyber Security Incident Log w/e 23/06/2017

18
Business Continuity Incident

New scam e-mail promises drivers are owed a refund on their car tax from the DVLA.

Motorists have been sent fake e-mails from scammers pretending to be the Driver and Vehicle Licencing Agency.

According to BBC Watchdog, drivers have received an e-mail which appears to be from the DVLA and asks them to follow a link to fill out their personal information.The scam e-mail tells owners they have an “outstanding vehicle tax refund of £239.35 from an overpayment request” and are due a refund which can be accessed by following a link. The e-mail carries the official DVLA logos and even features a link to report spam and phishing e-mails.

Local Government Organisation fined By Information Security Commissioner

A council has been fined £100,000 by the data watchdog after its employees’ personal information was compromised in a hacking attack.

Taking advantage of a software flaw in Gloucester City Council’s website, the attacker downloaded more than 30,000 emails from the council’s mailboxes.

These email messages contained financial and sensitive information about council staff, according to the Information Commissioner’s Office (ICO).

The ICO, the UK’s data regulator, said the hacker exploited the Heartbleed security bug – which had been widely reported on and patched months prior to the attack.

Heartbleed was publicly disclosed in April 2014 and was described as “catastrophic” by a number of security researchers and led to warnings from government agencies around the world.

The bug affected OpenSSL, a widely used implementation of a security protocol which users normally experience as a closed green padlock on their browsers indicating that their connection with a site is secure.

The enormous number of services affected by the bug lead a Finnish researcher to coin the name Heartbleed, and register a website and design a logo to raise awareness, although this did not prevent the bug being used to attack websites including Mumsnet after it was made public.

The data watchdog slammed the council for “serious oversight” during its IT outsourcing programme which left staff’s emails open to the attack months after the bug had been disclosed and patched.

Sally Anne Poole, the group enforcement manager at the ICO, said: “This was a serious oversight on the part of Gloucester City Council.

“The attack happened when the organisation was outsourcing their IT systems.

“A lack of oversight of this outsourcing, along with inadequate security measures on sensitive emails, left them vulnerable to an attack.”

The ICO’s investigation found the council did not have sufficient processes in place to ensure its systems had been updated while it changed its IT suppliers.

Ms Poole added: “The council should have known that in the wrong hands, this type of sensitive information could cause substantial distress to staff.

“Businesses and organisations must understand they need to do everything they can to keep people’s personal information safe and that includes being extra vigilant during periods of change or uncertainty.”

Gloucester City Council’s managing director, Jon McGinty, said: “The council is very disappointed with this decision by the ICO, and is considering its position whether to appeal.”

Mr McGinty said there was “insufficient evidence to show that the hacking event took place after the council became aware of the existence of the potential vulnerability”.

“The council believes that the penalty issued by the ICO will have a serious and detrimental impact on its finances, and the services that we will be able to provide to the residents of Gloucester in the future,” he said.

“The council has invested more than £1m over the past three years to further improve its IT security and remains vigilant to the threats that all businesses face on a daily basis.

“The council did account for the risk of this potential fine in its accounts for 2016-17 but nevertheless its payment will only result in money being taken away from the people of Gloucester and given to Treasury.”

 

Information Commissioner Fines Council £150,000

Basildon Council was recently fined £150,000 for publishing sensitive personal information about a traveller family on its website, including details about disabilities and mental health issues.

The Information Commissioner’s Office (ICO) ruled the authority had breached the Data Protection Act when it failed to remove personal data contained in the details of a planning application, which was made publicly available online.

The council received a written statement in support of a planning application for proposed works on green belt land on July 16, 2015. The statement contained sensitive personal data relating to the traveller family who had lived on the site for several years.

The ICO said an inexperienced council officer did not notice the personal information, and there was no procedure in place for a second person to check it before it was published online. The information was only removed on September 4, 2015 when the concerns came to light.

ICO enforcement manager Sally Anne Poole said: “This was a serious incident in which highly sensitive personal data, including medical information, was made publicly available.” A spokesman for Basildon Council said the authority was considering appealing.

Brussels Airport hit by Power Cut

Hundreds of passengers were stuck Thursday outside Brussels airport, which was hit by a terror attack last year, after a power cut caused flight cancellations.

The blackout triggered by a problem in a high-voltage room caused 16 flights to be scrapped and also triggered delays, airport spokeswoman Florence Mulls said.

The Belgian capital’s main airport had to ask many people to wait outside the terminal where officials gave them bottles of water, Mulls told AFP.

Passengers remained calm, she said, adding: “This kind of incident is very disagreable to put up with.”

Officials immediately switched on backup power after the power failure at 5:00am (0300 GMT) but could not get the luggage conveyers working.

Staff moved luggage manually before the conveyers were restarted some two hours later.

“Sixteen flights were cancelled,” Mulls told AFP. “The biggest impact we felt was in the baggage system with suitcases stuck.”

Some 20 percent of the hundreds of flights operating Thursday have also been delayed with further disruption expected “throughout the day”, she said.

Australian Bank Customers Hit By Phishing Attack

A new round of phishing emails purporting to come from Westpac has hit Australian inboxes as the bank works to restore its systems after a major outage.

The phishing campaign, identified by email filtering company, MailGuard, comes a week after an earlier phishing email campaign containing claims of locked Westpac accounts attempted to get users’ details via a dodgy link.

The link in the earlier scam took victims to a replica of the Westpac banking website, hosted on the unrelated domain of a Tanzanian guesthouse, which MailGuard said was likely compromised in an earlier cyber hack.

Now, the bank is again being imitated, according to MailGuard, with another email designed to steal account login information by posing as the bank and telling recipients that their accounts have been blocked.

Like the earlier campaign, the new scam uses a realistic clone of the real Westpac online banking page to harvest account access details, and asks recipients to click on a link to regain access.

 

North Korea Chief Suspect in NHS Ransomware Attack

An internal report by the US National Security Agency, which actually developed the software exploit used to attack Microsoft operating systems, blamed North Korea for the attack.

Intelligence officials cited by the Washington Post said that an internal assessment of the cyberattack attributed it with “moderate confidence” to the rogue state’s spy agency, the Reconnaissance General Bureau.

British security officials have also attributed the malware to North Korea, with that investigation being carried out by the National Cyber Security Centre (NCSC), a part of GCHQ, according to the BBC.

The UK investigation is understood to been considerably more in-depth than the US effort because of the effect that the attack had on the NHS, and because the US was not as badly affected.

Private sector researchers had already managed to reverse-engineer the software and find similarities between it and other malicious code developed by North Korea.

It is understood that the work completed by NCSC was based on a wider ranger of sources, potentially including intelligence collected by GCHQ.

 

Phishing Attack Targets Mobile Devices

Mobile-focused phishing attacks attempt to conceal the true domain they were served from by padding the subdomain address with enough hyphens to push the actual source of the page outside the address box on mobile browsers, a technique known as “URL padding”.

URL padding puts dozens of hyphens in the Web address of a malicious webpage with the address of a legitimate website, this

The phishing attacks target primarily Facebook and use legitimate domain names that have been compromised. The attack is focusing specifically on mobile users, as they use the same URL for the mobile versions of the sites they target

Part of the reason for the effectiveness of the attack is that if the site is delivered via an SMS link, it’s not possible to check the legitimacy of the site before tapping it. And once the victim reaches the spoofed site, the URL padding obscures the true address of the site long enough for many (if not most) mobile device users to fall for the login request.

 

Malicious emails posing as a bill from EnergyAustralia  hits Australians

The email is a precise copy of a real EnergyAustralia bill, with the message noting the bill is due in just a few days. However, the sender is not looking for money, but attempts to trick the recipient into downloading a malware-laden Zip file that contains malicious JavaScript. The sending email address domain was just created and registered in China on June 18 with spam distribution beginning on the morning of June 19.

The attackers were clever enough to make sure each email is unique, with a different about of money owed and different due date. This level of randomization helps defeat antivirus software, MailGuard said.

 

Ransomware cyberattack halts production at Honda plant

Honda Motor Co. said Wednesday it had temporarily suspended production at a factory in Saitama Prefecture after being targeted in a cyberattack employing the same type of ransomware virus that struck firms around the globe last month.

Output at the factory in the city of Sayama had been halted Monday but was restored the following day, the company said.

The Sayama factory produces about 1,000 vehicles a day, it added.

The automaker discovered last Sunday that the production control system at the plant was infected by the malware that encrypts computer files and makes them inaccessible until users pay a ransom.

Honda has also confirmed malware infection at factories abroad, but said that those did not affect overseas production