So what happened in February?
At Digital Pathways, we understand a thing or two about cyber security and the risks surrounding data breaches. As you would expect, we strive to keep on top of major events where a firm or individual falls foul of cyber criminals. With the details understood, we can then impart our knowledge and advise people on how best to avoid similar threats.
Despite this, even we couldn’t believe the sheer quantity of attacks that took place in February this year, or the lack of coverage that these breaches and attacks were given. Seeing the many data breaches and cyber security failings still taking place around the world made us wonder whether as a society we are already becoming deaf to the escalating threats posed online. From ransomware attacks that devastate families, to careless and malicious employees causing irreparable damage to an organisation, we all seem to have become desensitised to the risks.
This is a real problem, as digital security is such an evolving, fluid process. The longer you stay static, the more difficult it is to keep up. As technology evolves, so do criminals’ malevolent attempts to hack it. Fall too far behind, and you may never catch up, and the risks could become all the greater.
We felt it was right to publicise just some of the hacks that took place in the UK during the shortest month of the year, to show the diversity of both the attacks and their victims:
Yahoo Cookie Attack
A data breach that happened towards the end of 2016, but that has only just come to light, saw Yahoo users subjected to a sophisticated hack that gave access to their accounts without the need for a password. In an interesting and disturbing twist, rather than stealing a password to log in to a user’s account, hackers instead tricked a web browser into telling Yahoo that the user had already logged in. These forged cookies gave instant access and caused huge problems.
NHS Website Hack
Six NHS websites belonging to organisations in the south-west of England were subjected to an attack from Islamist hackers. Despite being used to protect sensitive information, the systems were hacked and graphic, violent images of the Syrian war were put in their place. Two sites suffered particularly severe damage, but it is believed that the hackers left personal information on the system untouched.
Tiverton Town Hall Ransomware
This Devon-based council was attacked by a ransomware virus that demanded £3,000 in return for the stolen documents. The virus infected the IT system used by Tiverton council and wiped council documents dating back to 2015. The virus was attached to an email that purported to be from a parcel delivery company.
Cardiff Council Email Error
In Cardiff, a Data Protection breach saw hundreds of confidential email addresses shared with landlords across the city. The email was sent to the Rent Smart Wales mailing list, with each recipient’s address visible. The email was to remind landlords who had yet to complete the new landlord registration. Due to the error, all private addresses have now become common knowledge, as has their failure to complete the exam.
GoCardless Laptop Theft
The theft of 19 laptops from the London headquarters of payment processing firm GoCardless shows that the risks to confidential information are physical as well as digital. A burglary saw password-protected, but not encrypted, devices removed from the building. Although payment data was not compromised, it was confirmed that personal customer data, including email addresses and passport numbers, was stored on the devices. Although the lack of financial details is positive, the leak of information could still easily lead to phishing and identity theft crimes.
And from slightly further afield:
German ‘My Friend Cayla’ Data-Collecting Toy
The German privacy watchdog has advised that a toy doll capable of collecting private information be destroyed. As well as being able to collect data, ‘My Friend Cayla’ can also be used to talk to children, something that leaves it open to abuse from hackers. The biggest issue is perhaps the complete silence over how the information gathered will be used, without any limitations on the collection, use or disclosure of the conversations recorded.
The key, as ever, is to stay vigilant. As the above hopefully illustrates, cybercrime comes in many different shapes and sizes. Be cautious, invest in the best protection you can afford and stay safe online.