The latest news from SWCRC

Welcome to the final monthly newsletter of 2021. We hope it’s been a good year for you, and although a few of you have had cause to contact us about cyber attacks over the course of the year, we’re reassured that we’ve had far more conversations with our members about getting the cybersecurity basics into place. We’re here to help, so please do make use of us: and if you haven’t implemented many of our recommended changes, start thinking new year’s resolutions. We strongly suggest that cyber aware is a great place to start. Given that the average cost to a small business is over £8k when they fall victim to cyber attack, it’s worth taking a few hours over the holiday period to reduce your risk. And you won’t need to get too technical. Go on: you can do it. 

 We also wanted to conclude the year by reflecting on our own progress, as we get towards 450 members. We’re delighted to be helping so many of you now, and we hope that you find our updates useful enough that you’re pleased to be with us too. We do know that lots of you read and interact with this newsletter, and we also know that you’re safer as a result.

And by now you know that our free offer is genuinely a free offer, and that we’re not here to put sales pressure on you or to make money from you. So as Christmas approaches, if you think that our service is worth recommending, please tell someone about it and encourage them to sign up too. You might just save someone you know from a host of business problems. 

Thanks, and enjoy the month’s updates.   


Mark Moore, Director, SWCRC 
Monthly threat assessment

Welcome to this month’s threat assessment. This month, we were struck by the fact that although cyber resilience can seem complicated and daunting, it’s the simple things that continue to make a difference. A few headlines cropped up to prove our point, and provide some great learning for smaller businesses. 

 Firstly, the US oversight committee published a report into three breaches which affected food supply, fuel supply, and finance across the country, and which resulted in over $55 billion of ransom payments being made to cybercriminals. (Money which they’re now using to target the rest of us). In each case, the initial access to systems was through a minor lapse of security, like a weak user password or an ill-advised download. Someone must be kicking themselves. 

Secondly, Microsoft’s security team are blogging about the increased activity from the group that launched last year’s infamous ‘solar winds’ attack, where a Russian group successfully compromised highly-sensitive government data by infecting a widely-used IT tool. The group is again focusing on IT resellers and technology service providers – and we have several of these companies in our own client list. To date, Microsoft suggest that they’re mostly trying to use basic tactics like phishing and password spraying to steal admin privileges. Please, for all of our sakes, if you’re one of these providers, get those basic protections right, and do take a look at the blog where Microsoft are offering additional help, support and services. 

Lastly, and slightly concerningly, the Royal Courts of Justice had their security breached. The attached article is really interesting reading. Actually, the breach was to a boiler pump management system, which doesn’t sound too worrying, and probably isn’t too surprising either, given that those managing a building are unlikely to be IT experts. But it’s by getting onto one device in a network that cybercriminals expand, unchecked, into more sensitive systems. This is genuinely worth checking: have your own buildings team reset default passwords? 

So if we’ve convinced you that the basics are really important, let us introduce you to the latest list of popular passwords from NordPass. It’s not good news if you’re using ‘password’ as a cunning double bluff. But we’re pleased to see that while Liverpool, Tottenham and Arsenal are all in the list, BristolCity, Exeter, Bournemouth and Swindon aren’t. Which definitively proves that we’re a safer region thanks to you guys being on our team. Seriously, the list is worth a look: you can filter it by country, and if your password is there, remember the advice about three random words and change it. You can bet your fifty-five bottom dollars that someone in the US is wishing that they did. 

 The busy period is coming up for those of you in retail, and indeed for those of us who shop. For sellers, we want to make you aware of ‘skimming’ attacks, which insert malicious code into your website, so that all payment details put onto it can also be passed to cybercriminals. This is unlikely to make your customers happy. There isn’t a non-technical fix to ensure you’re safe, but we do provide services which can check your system for vulnerabilities using our student team. Although we never want to be on a sales pitch, you might want to consider this if you’re taking a lot of money via your website. And a new suggestion for us all to help each other: the government’s National Cyber Security Centre does now have a reporting site for fake websites. They crop up an awful lot at this time of year, trying to lure unsuspecting shoppers, so let’s flag them up and take them down. Please, tell a friend. 

On this note, we also liked the news that a sizeable cybercrime ring was taken down in Korea this month. As one commentator noted, it’s only because reports were made to the authorities that the dots could be joined. It’s always worth doing what you can, and together we’ll make a difference. 

If you have an Android phone, we wanted to draw your attention to the new Sharkbot malware, explained (with screengrabs) in this article. In short, it masquerades as an app like those shown below, but it repeatedly requests some unusual access permissions and pesters you until you give in.  At which point, it will be able to overwrite fields in your banking apps, and ensure that payments go to an account that you weren’t intending to fill. Be very careful of the permissions that you give apps, particularly if the permissions are of the sort that Android itself warns you to watch out for.  

 

And lastly, our usual section on breaches. Some big news this month. Brittany Ferries potentially exposed the customer data of 25000 individuals, including addresses, phone numbers, dates of birth, and passport numbers. Beware of unsolicited contact from anyone quoting these details, or indeed from someone suggesting that they’re Brittany Ferries. That’s not the big news though. The web hosting company GoDaddy, which has over 20m customers worldwide and probably several of you, was compromised. A variety of usernames, passwords and private keys were compromised, and the company claim to be contacting all affected customers, and to be changing passwords where relevant. However, that won’t ensure that no-one has messed with the websites before passwords were changed, potentially injecting malicious code. It took a month and a half before the compromise was spotted. We don’t have an easy fix for you but suggest that
(a) you ask GoDaddy what they’re doing to reduce the risk for you,
(b) you could ask us to check if your site is vulnerable, but this will cost you and won’t currently give you a categorical answer as to whether a compromise has taken place, or
(c)  you can seek professional help from a cyber expert.

We’re happy to refer you to our trusted partners for advice if you don’t know where to start.
Institutes of Technology 
Government direction to deliver higher technical skills


Institutes of Technology (IoTs) are unique collaborations between existing further education colleges, universities, and leading employers.

Underpinned by £290 million of government investment to fund industry-standard facilities and equipment, IoTs represent an exciting new model for skills delivery.

Focused on strengthening higher technical education, each IoT delivers courses in one or more technical specialisms, providing learners with a route into STEM-based occupations such as automotive engineering, cyber security, agri-tech, aerospace, healthcare and lab science.

Employers can be confident that people studying at an IoT are gaining the skills needed now and in the future. Through our partnerships, we are embracing new technologies, pedagogies and research, which we share across the Institute of Technology Network.

There are currently over 40 FE colleges and 17 universities involved in twelve regions of the UK, with an expansion to eight more regions and dozens more FE colleges and universities in 2022.

On top of the investment in equipment and facilities, there are several current funding initiatives to promote a focus on industry skills needs.  The ‘Adults In-Work Skills’, ‘Emerging Skills’ and ‘Higher Technical Growth’ funds are all targeted to design, develop and deliver the next-generation of skills.  As part of the ‘Skills for Jobs’ reforms there are several opportunities for employers and individuals to take on fully funded higher-level courses including a choice of cyber qualifications.

Stephen Mariadas 
Can you complete a survey on cyber resilience?

We've been asked to share details of a research project about cyber resilience.

This piece of research is interested in exploring cyber resilience, including reviewing available guidance and best practice. 


The survey can be accessed at the following link

Dates for your diary


Feb 22 - 23 2022, London

.

Ransomware attacks have surged 311% in the past year with a business now being attacked every 11 seconds. From crippling the Irish healthcare system and shutting down 45% of the eastern United States’ fuel supply to stopping manufacturing and production lines globally, attacks are hitting hard.

Ransom demands have surpassed £50 million, and the average cost of recovery is around 10 times the size of the ransom demanded. The 2022 Ransomware Resilience Summit Europe will bring organisations and their expert advisors together to benchmark resilience and business continuity planning, share lessons learned and enable businesses to better protect themselves.

Are you fully confident in your organisation’s ability to detect and defend against a ransomware attack?

Join us alongside leading cybersecurity experts from Europol, Trainline, HMRC, Aston Martin and Barclays to learn how to identify cybersecurity threats and ensure strong mitigation plans; determine internal roles and responsibilities; practice cybersecurity hygiene as an organisation; and apply lessons learned from past victims.

Download full agenda

With tickets starting at just £499, you could potentially save your business millions of pounds if you register today. Apply your exclusive discount code ‘SWCRC20’ at checkout to save an additional 20% on your ticket price.

Register now

For more event information click here.
For sponsorship opportunities, please contact Ellis at ellis.fordham@kisacoresearch.com
For more information on our USA Ransomware Resilience Summit click here.


News from the Regional Cyber Crime Unit