Business Continuity & Cyber Security Incident Log w/e 30/06/2017

Business Continuity Incident

UK MPs Targeted by Cyber Attack

Parliament has suffered its biggest ever cyber attack as hackers launched a “sustained and determined” attempt to break into MPs’ email accounts.

The “brute force” assault lasted for more than 12 hours on Friday as unknown hackers repeatedly targeted “weak” passwords of politicians and aides.

Parliamentary officials were forced to lock MPs out of their own email accounts as they scrambled to minimise the damage from the incident.

The network affected is used by every MP including Theresa May, the Prime Minister, and her cabinet ministers for dealing with constituents.

Experts on Saturday night warned that politicians could be exposed to blackmail or face a heightened threat of terrorist attack if emails were successfully accessed.

Largest Ever Data Breach Settlement Reached by Anthem

Anthem Inc (ANTM.N), the largest U.S. health insurance company, has agreed to settle litigation over hacking in 2015 that compromised about 79 million people’s personal information for $115 million, which lawyers said would be the largest settlement ever for a data breach.

The deal, announced Friday by lawyers for people whose information was compromised, must still be approved by U.S. District Judge Lucy Koh in San Jose, California, who is presiding over the case.

The money will be used to pay for two years of credit monitoring for people affected by the hack, the lawyers said. Victims are believed to include current and former customers of Anthem and of other insurers affiliated with Anthem through the national Blue Cross Blue Shield Association.

People who are already enrolled in credit monitoring may choose to receive cash instead, which may be up to $50 per person, according to a motion filed in California federal court Friday.

“We are very satisfied that the settlement is a great result for those affected and look forward to working through the settlement approval process,” Andrew Friedman, a lawyer for the victims, said in a statement.

The credit monitoring in the settlement is in addition to the two years of credit monitoring Anthem offered victims when it announced the breach in February 2015, according to Anthem spokeswoman Jill Becher, who said the company was pleased to be resolving the litigation.

The Indianapolis-based company did not admit wrongdoing, and there was no evidence any compromised information was sold or used to commit fraud, Becher said.

Anthem said in February 2015 that an unknown hacker had accessed a database containing personal information, including names, birthdays, social security numbers, addresses, email addresses and employment and income information. The attack did not compromise credit card information or medical information, the company said.


Amazon Users Targeted in Phishing Scam

Hackers are targeting Amazon shoppers with authentic-looking phishing emails that attempt to obtain personal and banking information.

Amazon users are receiving an email that says a recently placed order wasn’t processed. The message may say something like: “Amazon is having issues with your order. You will not be able to access your account or make future purchases until we confirm your password and login email address. Click here to confirm.”

On clicking the link, the user is redirected to an Amazon page that appears trustworthy. The fraudulent domain likely has nothing to do with Amazon or may be a slight variation of

The user is led to more pages that ask for sensitive information, purporting to be an account verification process. Data such as credit card account number, Amazon password and home address is requested.

“If you received correspondence regarding an order you didn’t place, it likely wasn’t from,” the company warns on its website.


Travel Company Reports £1.5 Million Cyber Fraud

‘We lost £1.5m in phishing fraud – you could too’

ATD Travel Services chief Oliver Brendon warned delegates not to be complacent as he revealed how the firm lost £1.5 million in a ‘phishing’ fraud in 2015.

Brendon told the Travel Weekly Cyber Security Summit in London: “We were totally focused on sales, not thinking about risk. We’re quite risk-averse now.”

The company, which operates attraction ticket brands including Attractions Tickets Direct and Do Something Different, was the victim of a sophisticated phishing attack by a criminal gang.

Phishing attacks aim to obtain the information to facilitate a fraud, often through fake emails.

Brendon said: “Phishing scams are surprisingly common.” He was on leave when he received an email supposedly from a company he had invested in.

By the time he realised it was fake and had changed his passwords it was too late. His email was compromised, along with his mobile which was synched with his laptop, and a virus had shut down the phone.

He said: “The fraudsters were filtering my email. They knew I had no phone and where I was.”

While he was out of contact, the firm’s finance director was sent mocked-up invoices “with reassuring messages as if from me” urging payments to accounts in Dubai and Malaysia. Over five days, more than £1.8 million in payments were made to the fraudulent accounts.

Brendon said: “You may ask why our bank allowed these payments, but they did. We lost almost all our balance sheet.

“I called the City of London Police and wrote to the police commissioner. The police sought cooperation in Dubai and Malaysia. I even wrote to the home secretary.

“We hired expensive lawyers who said we could get a court order in Dubai but the money would be gone. So we gave up.”

The company did recover some of the payments. But Brendon said: “I realised that apportioning blame would not get the money back. The problem was we focused solely on sales and not on risk. We had got complacent.

“Now we have very strict security in payment processes, more monitoring and good insurance.”

Brendon told the summit: “I know you’re thinking ‘this could never happen to me’, but it can.”

Petya Cyber attack Hits Global Corporations

The ‘Petya’ cyber attack is affecting major companies around the world.

The ransomware initially attacked businesses in Ukraine, but has spread to more countries, including Russia and the UK.

It’s locking users out of their computers, and demanding a payment of $300 in Bitcoin from them.

These are the companies and organisations that have confirmed they’ve been affected by the Petya attack.


Rosneft

Russia’s top oil producer Rosneft said its servers had been hit by a large-scale cyber attack but its oil production was unaffected.

A.P. Moller-Maersk

Danish shipping giant A.P. Moller-Maersk, which handles one out of seven containers shipped globally, said a cyber attack had caused outages at its computer systems across the world.

Maersk’s port operator APM Terminals was also hit. Dutch broadcaster RTV Rijnmond reported that 17 shipping container terminals run by APM Terminals had been hacked, including two in Rotterdam and 15 in other parts of the world.


WPP

Britain’s WPP, the world’s biggest advertising company, said computer systems within several of its agencies had been hit by a suspected cyber attack.

Merck & Co.

Pharmaceutical company Merck & Co. said in a tweet its computer network was compromised as part of a global hack.

Russian Banks

Russia’s central bank said there had been “computer attacks” on Russian banks and that in isolated cases their IT systems had been infected.

All Russian branches of consumer lender Home Credit are closed because of a cyber attack, an employee of a Home Credit call centre in Russia said.

Ukrainian Banks, Power Grid

A number of Ukrainian banks and companies, including the state power distributor, were hit by a cyber attack that disrupted some operations, the Ukrainian central bank said.

Ukrainian International Airport

Yevhen Dykhne, director of the capital’s Boryspil Airport, said it had been hit. “In connection with the irregular situation, some flight delays are possible,” Dykhne said in a post on Facebook.

Saint Gobain

French construction materials company Saint Gobain said it had been a victim of a cyber attack, and it had isolated its computer systems to protect data.

Deutsche Post

German postal and logistics company Deutsche Post said systems of its Express division in the Ukraine have in part been affected by a cyber attack.


Metro

Germany’s Metro said its wholesale stores in the Ukraine had been hit by a cyber attack and the retailer was assessing the impact.

Mondelez International

Food company Mondelez International said employees in different regions were experiencing technical problems but it was unclear whether this was due to a cyber attack.


Evraz

Russian steelmaker Evraz said its information systems had been hit by a cyber attack but its output was not affected.


A ransomware cyber attack was reported in Norway, affecting an unnamed international company, according to the Nordic country’s national security authority.