Report

Weekly Threat Report 1st December 2017

Created:  01 Dec 2017
Updated:  01 Dec 2017
NCSC Threat Report
We would like your feedback on the Weekly Threat Report. Please send us your thoughts, suggestions and queries using our 'Contact Us' page.
This report is drawn from recent open source reporting.

Imgur compromise

Image-sharing website Imgur has been alerted to a security breach in which the email addresses and passwords of 1.7 million users worldwide were compromised in 2014. Investigations are ongoing but in a public blog post, the company’s CEO has said that, although passwords were hashed using SHA-256 at the time, users should still take precautions such as using a different password for every site and application.

The website does not hold any other personal data on its users beyond email addresses, but victims who use the same email and password combinations across multiple applications or websites may be at risk. This incident is indicative of an increasing frequency of online data breaches and it is important for users of online applications to diversify their passwords to prevent being targeted when their passwords are leaked on other platforms. It is also important for companies to use a recommended form of protection for passwords in databases.

The breach was discovered by a security researcher who highlighted the “exemplary” response by the company, in which action was taken just over 24 hours after it was alerted to the compromise.

Companies should be aware that Europe’s GDPR (General Data Protection Regulation), which comes into force in May 2018, will be enforced by the UK’s Information Commissioner’s Office and will stipulate that data breaches must be responded to within 72 hours or a hefty fine will be issued. This could potentially amount to €20 million (approx £17.6m) or 4% of a firm's global turnover (whichever is greater).

Cyber criminals target the Regional Transit System in Sacramento, California

Cyber criminals have reportedly compromised the corporate IT system of the Sacramento Regional Transit District (SacRT), deleting internal operations data. SacRT is the sole operator of local public bus and tram services in the Sacramento area of California, but reports suggest services were unaffected by the breach.

The attack began when hackers defaced SacRT’s website, stating that they were “good hackers” seeking to help the organisation fix website vulnerabilities and requested SacRT contact them. When contacted, the attackers said they had access to corporate systems and demanded $7000 worth of Bitcoin be paid to prevent deletion of data. SacRT refused to pay the ransom resulting in approximately 30% of its data being deleted. This affected the organisation’s internal operations including the ability to dispatch employees and assign buses to routes.

SacRT was able to make use of backups to restore the deleted data. The organisation also took down its website and shut down systems used to process credit card payments as a precaution. Passengers were still able to pay fares using cash and through SacRT’s mobile app that is hosted separately on a cloud-based system. It is reported that customer data was unaffected by the breach and that no data was stolen.

This incident demonstrates how quickly cyber attacks can escalate. It is important to maintain secure backups of business critical data to ensure organisations are able to recover from a range of incidents including a data deletion attack or ransomware. The NCSC has published guidance on factors to consider when backing up data.

--

The Cyber Security Information Sharing Partnership (CiSP) is a great way of learning more about threat information as well as engaging with industry and government counterparts. Follow the link below for more information.

Join CiSP

 

Was this report helpful?

We need your feedback to improve this content.

Yes No