Cyber Attack News, Articles and Updates

NHS could have prevented WannaCry by following IT security best practice

Even after warnings, NHS trusts did little to update or replace legacy software and the Department and the NHS need to get their act together to ensure the NHS is better protected against future attacks says the National Audit Office.

SMASHINGCOCONUT looks a lot like malware used by North Korea in Sony attack

A newly identified malware, SMASHINGCOCONUT, bears a striking resemblance to malware used by North Korea in a November 2014 cyber-attack on Sony, the Department of Homeland Security (DHS) said in an intelligence note.

Update: Cyber-attack knocks US Energy Services Group offline

A cyberattack against Energy Services Group (ESG), which handles customer transactions for natural gas pipelines owned by several energy firms, has knocked the company's systems offline.

Counting the costs of DDoS attacks - prepare in advance

If your business has an online presence or internet-facing network infrastructure, you really need to understand the significant threat posed by DDoS attacks today and put measures in place now to mitigate them.

Cyber-attack knocks Energy Services Group offline

A cyber-attack against Energy Services Group (ESG), which handles customer transactions for natural gas pipelines owned by several energy firms, has knocked the company's systems offline.

UK businesses financially unprepared for cyber-attacks

In spite of the prevalence of cyber-threats facing every business sector, a survey has found that two thirds of businesses do not have a financial plan in place in the event of a cyber attack.

Fancy Bear suspected in United Kingdom's Anti-Doping Agency cyber-attack

Fancy Bear hackers are suspected of launching a foiled cyber-attack on the UK's Anti-Doping Agency.

Organisations need to identify nation state attacks - but not attackers

For an enterprise security team to attempt investigate who is behind an attack is extremely complicated and time consuming, and most importantly does very little to improve the organisation's defences against further attack.

SEC issues cyber-security guidance disclosure

"Principles-based" guidance issued by the Securities and Exchange Commission (SEC) Wednesday clarifies how the commission views the disclosure responsibility of public companies that have fallen victim to a cyber-attack.

2018 Winter Olympics hit with destroyer malware during opening ceremony

Warnings that the 2018 Winter Olympic Games would be the target for hackers came true almost immediately as the Pyeongchang computer system was hit with a "destroyer" cyber-attack knocking its website and other services offline.

Baby boomers more cyber-security savvy than Gen-Z, study

Generation Z are the least ransomware savvy generation while baby boomers were more likely to accurately define ransomware and were the savviest when it comes to not forwarding emails from unknown senders.

A high-impact cyber-attack on UK likely in the next 2 years

It is a matter of "When, not if" a major cyber-attack on the UK will happen says Ciaran Martin, head of the NCSC. This statement raises the prospect of huge disruptions to the British government and critical infrastructure.

Hack of initial coin offerings leads to loss of millions in cryptocurrency

Initial coin offerings (ICO) are losing about 10 percent of all ICO funds generated to cyber-attack due to poor cyber-security as malicious actors take advantage of the absence of a centralised authority.

Proposed Pentagon plan sees nuclear response to some cyber-attacks

A massive and crippling cyber-attack upon the United States' infrastructure could elicit a nuclear response under a newly drafted strategy that has been presented to President Trump.

Cyber-attack shuts down US Regional Hospital's online system

A cyber-attack that left computer screens at Hancock Regional Hospital in Greenfield, Indiana, USA, with a ransom message for bitcoin has caused the entire network at the hospital to go offline to stop damage to data of the patients.

ICO levies £400,000 fine on Carphone Warehouse following 2015 data breach

Following a cyber-attack in 2015 that caused a data breach from one of Carphone Warehouse's computers, the company has just been given a £400,000 fine, one of the highest fines for a data-breach in the UK to date.

Ukrainian software company compromised to spread Zeus banking trojan

Cyber-criminals launched a cyber-attack using the official website of a Ukraine-based accounting software developer to distribute a new variant of Zeus over a Ukrainian holiday.

Growth in impersonation attacks greater than malware attacks

While many organisations still fear of malware being the main burden to their email cyber-resilience, the findings show only 15 percent increase in these type of email attacks compared to the last figures.

Cryptocurrency thieves steal £51 million of Bitcoin from mining platform

Hackers may have gotten away with £51 million of bitcoin after a cyber-attack hit the cryptocurrency mining platform NiceHash. The attack was highlighted on Twitter and Reddit with users saying they may lose hundreds of dollars.

Action Fraud launches 24/7 helpline to combat cyber attacks

Action Fraud, the UK's national fraud and cyber-crime reporting centre, has launched a 24/7 live cyber-attack helpline. During its pilot since October 2016, Action Fraud's 24/7 cyber-helpline received 377 reports.

'Crash' testing programme needed to achieve autonomous vehicle security

Driving the Autumn Budget - speed of introduction causes concerns over safety of autonomous vehicles, including terrorist take-over, plus where responsibility lays - user, manufacterer (hardware/software) and regulator.

Arabic, Urdu, Persian, Pashto InPage processor used by 3 malware families

An exploit in the InPage word processor program was used as an attack vector by three malware families. The word processor supports languages such as Urdu, Persian, Pashto, and Arabic.

ONI ransomware used to cover track in long-term attacks against Japanese firms

A new strain of ransomware has been used to attack Japanese firms and delete evidence, according to security researchers. Hackers made significant attempts to hide covert operations.

Attack is imminent - get "back to basics" - not just during CyberSec month

Patching and application control should be first on the list to strengthen your organisation against attack, but take a strategic approach, and don't just patch for the latest WannaCry, but for the next big attack too says Amber Boehm.

Iran is being blamed for a cyber-attack against Parliamentary emails

The 23 June 12-hour brute force hack-attack against 9,000 parliamentary email accounts, including minsters and the PM, is now being blamed on Iran.

Defence minister says Poland fended off Russian cyber-attack on businesses

Poland's defence minister reportedly disclosed that his country successfully stopped yet another Russian cyber-attack.

Malicious websites targeting Israeli institutions- TwoFace webshell link

A webshell used to harvest credentials from an unnamed Middle Eastern organisation appears to be targeting Israeli institutions and may possibly be linked to the Iranian APT group OilRig.

Avast narrows down probable location of CCleaner attacker

Avast continued to reveal further details surrounding the cyberattack that placed a backdoor in its free computer maintenance app, CCleaner. Attack believed originated from a country located in the UTC + 4 or UTC + 5 time zones.

Tier one incident expected, Government cyber-specs likely - NCSC

We can expect to see a cyber-security incident at a category one level within the next few years. The government specifying what it will buy is an effective way of changing the market - Ian Levy, technical director, NCSC

WikiLeaks homepage defaced as it dumps more CIA hacking tools

The Central Intelligence Agency can take some small comfort that as WikiLeaks was preparing for its latest dump of the spy agency's Vault7 hacking tools, a group of hackers was busy defacing WikiLeaks' homepage.