Cyber_Bytes - Issue 57
Welcome to Cyber_Bytes, our regular round-up of key developments in cyber, tech and evolving risks.
Financial Services Firms Experience a Threefold Surge in Reported Cybersecurity Breaches
Cybersecurity breaches in the UK financial services sector have surged threefold between 2021-2022 and 2022-2023, with the pensions sector being hit the hardest, according to research conducted by RPC. Reported incidents to the ICO have risen from 187 to 640, with the pensions sector seeing a significant increase from 6 to 246 reports. This uptick is raising concerns, especially in pension schemes. Richard Breavington, Head of Cyber and Tech Insurance at RPC, emphasises the importance of cybersecurity in fulfilling legal duties for pension scheme trustees, as they can be held liable for inadequate cyber risk management.
You can read RPC's article here.
UK National Agencies Publish White Paper On Ransomware
The National Cyber Security Centre (NCSC) and National Crime Agency (NCA) have recently published a new White Paper on the ransomware industry. The paper outlines how ransomware has grown into one of the key markets for fraudsters and provides background on how the strategies of organised criminal groups (OCGs) have evolved.
The paper examines the entire attack path of the cybercriminal system. This includes how initial access is provided, the methods used to exploit that access and the systems through which OCGs have been able to monetise breaches.
A key focus of the paper is that targeting individual ransomware strains provides only a limited benefit in preventing attacks, largely because the industry adapts quickly and consistently reinvents its strategies. Instead, the paper proposes a comprehensive approach that focuses on the threat actors further upstream who drive the monetisation of ransomware, in order to deal with the root causes of these attacks.
Some of the other key takeaways from the paper are:
- Ransomware attacks have significantly increased since the previous 2017 report, with an estimated 745,000 computer misuse offences last year and UK businesses remaining a valuable target for attacks.
- Smaller threat actors pose a growing threat to businesses because ransomware tools have become easier to obtain, lowering the barriers to entry.
- One of the most significant risks is the increased focus from criminals on maximising pay-outs by combining data theft with extortion, which increases the pressure on victims to pay and exposes businesses to potential reputational damage.
- Often the initial access is gained not due to sophisticated techniques, but instead as a result of poor cyber hygiene.
The published White Paper is available here.
Memorandum of Understanding between the National Cyber Security Centre and the Information Commissioner
The Chief Executive of the National Cyber Security Centre, Lindy Cameron, and the Information Commissioner, John Edwards, have jointly signed a Memorandum of Understanding (MoU) outlining how the organisations will work together. This MoU acknowledges that both organisations possess distinct roles but can find common ground on specific issues and resolve conflicts on others.
The key features of the MoU are:
- The Commissioner will encourage organisations to work with the NCSC on cyber security matters.
- The ICO commits to considering how it can demonstrate that engagement with the NCSC will help to reduce regulatory penalties.
- The ICO will try to enhance the NCSC's awareness of cyber attacks in the UK by providing information on cyber incidents in an anonymised format. Additionally, when a cyber incident holds national significance, specific incident details will be shared. This collaborative effort aims to contribute to making the UK a secure online environment, maintaining the relevance of the NCSC's advice and guidance, and ensuring that NCSC services remain aligned with the threat landscape.
- In cases where both the NCSC and the ICO are involved in a cyber incident, they will make efforts to coordinate their actions so as not to disrupt an organisation's attempts to contain and reduce harm. In this process, the Commissioner will aim to help organisations focus their efforts on engaging with the NCSC and its partners immediately, especially when this is crucial for mitigating the situation.
- The NCSC and ICO will encourage feedback to ensure continuous improvement in their collaborative efforts.
- The NCSC and ICO will strive to enhance available cyber security guidance.
You can read the Memorandum of Understanding here.
Fresh Sanctions Imposed on Russian Ransomware Group
The U.S. Department of Justice is issuing indictments against nine individuals linked to Trickbot malware and Conti ransomware activities. These individuals were allegedly influential members of the group with various key roles.
The group allegedly extorted £27 million from 149 UK victims and caused around $800 million in global extortion attacks.
These sanctions are the latest round of designations following the first joint UK-US sanctions against seven members of the same group earlier this year. All of these cyber criminals are now subject to travel bans and asset freezes.
As well as targeting criminals, the NCA, in collaboration with global partners, actively targets ransomware tools. The NCA recently helped dismantle the Qakbot malware, which caused widespread damage and was previously used by the Conti group. Sanctions aim to disrupt ransomware operations and the profit-making of such groups.
The NCA advises organisations to assist with obstructing activities of ransomware groups by bolstering online resilience. Ransomware victims should report incidents through the UK Government's Cyber Incident Signposting Site and enhance cybersecurity to prevent attacks.
You can read the article here.
Former Council Employee Fined for Unlawful Access of Data
On 13 September 2023, the Information Commissioner's Office (ICO) sentenced a former family intervention officer for the unlawful access of social services records.
The officer previously worked for St Helens Borough Council and, between 17 January 2019 and 17 October 2019, was found to have unlawfully accessed the council's case management system without a business need to do so. An internal audit carried out by the council found that the officer had looked at the records of around 145 people during this period of employment. She has since resigned from her position at the council and pleaded guilty to the offence of unlawfully obtaining personal data before Wigan and Leigh Magistrates' Court. As a result, the officer was fined £92, ordered to pay court costs of £385 and also paid a victim surcharge of £32.
Andy Curry, the head of investigations for the ICO, said that they were pleased with the ruling and that it sent a clear message "that we will take action against people who take it upon themselves to abuse their position of trust."
The full statement from the ICO can be located here.
Casinos Advised to Stay Vigilant Amid MGM Resorts Cyberattack
MGM Resorts has experienced a more than 6% drop in its stock price, prompting an FBI investigation into a recent cyber incident. The $14 billion company, known for its global hotel and gaming operations, including those in Las Vegas, has encountered disruptions such as malfunctioning slot machines, offline restaurant reservations, hotel bookings, digital room keys, and corporate email systems, as evidenced by social media posts.
Credit rating agency Moody's has cautioned that the cyberattack exposes significant risks within the company, which had suffered a previous attack in 2020 that exposed personal data of 10 million customers. MGM has acknowledged the potential "material effect" of this week's cyber incident on its operations, as reported in a filing with the US Securities and Exchange Commission.
While few details of the FBI's investigation have been released, Reuters sources suggest that a hacking group called Scattered Spider is responsible for the attack. This group, identified last year, has targeted various businesses, earning a reputation as a prominent threat actor in the US, according to Charles Carmakal, Chief Technology Officer at Mandiant Intelligence. Bloomberg also reported that another entertainment company, Caesars, fell victim to the same group.
You can read the article here.