The breach figure for April took a nosedive compared to previous months, with ‘just’ 4.3million records breached, compared to 42 million in March, 29.5 million in February, and a whopping 277.6 million in January. Over 50% of April breached records came from a US medical services provider – Shields Health Care Group – who saw 2.3million records breached through a directed attack. It is probable that April’s actual breached records are higher, but many of the attacks which happened in April are ongoing, including a major hack on IT provider Capita, which is likely to have breached millions of records. It is expected that these figures will emerge in due course.
Here’s the other top stories you need to read:
New Mac malware can steal data
New malware called “MacStealer” is capable of stealing files, cryptocurrency, and even Keychain passwords from Mac devices according to a new study. Thankfully, it isn’t that sophisticated (yet!) and requires users to click on the file. It is expected that the malware will be developed in the coming months to present a greater threat to Apple devices.
Fake ransomware offers a reminder not to panic
A series of scammers have been mimicking ransomware, without actually encrypting files. Relying on widespread panic, these scammers hope victims will pay out without checking their systems. While you must always take ransomware threats seriously, and handle them quickly, this story serves as an important reminder to keep a level head. This is why the first step in an attack is not to panic, then start recording the important details and turn off infected devices, before contacting experts like us.
Fake Google Chrome updates are spreading malware
Threat actors are compromising everyday websites and then using those websites to peddle fake Chrome updates. The updates instead download Trojan malware designed to compromise your systems. This is an apt reminder to go to the source of the software and not click on unverified links. These attacks rely on lack of attention to succeed.
New GovAssure Scheme seeks to increase UK standards
New and enhanced cyber security measures will better protect the UK government’s IT systems, which run key services for the public, from growing cyber threats. Read all about them +
UK government supplier, Capita, hit by cyber attack
Capita, who provide outsourced services to many public sector organisations, was hit by a three-day outage following a cyber attack. The attack, linked to Russian threat actors also breached client data it was later admitted.
Bank of England calls for boosted security
The Bank of England asked lenders to review and boost their security, amid concerns that Russian-linked groups will target attacks and attempt to plunge the UK’s financial system into chaos. As conflict continues, many UK services have become targets of the attacks, as hackers attempt to destabilise UK support for Ukraine.
New UK regulations will increase device standards
The Product Security and Telecommunications Infrastructure Act 2022 has now been enacted into law, setting minimum security standards for internet-connectable products. It won’t affect legacy technology, but will provide reassurance when buying new tech. Stats show that only 1 in 5 manufacturers of IoT devices currently add even basic cyber security protocols, so this new legislation is welcome news!
Cyber training cannot be passive according to new report
It is no longer enough to have vague cyber principals, or rely on passive actions by your team. New report highlights:
💥 47% of breaches result from known security vulnerabilities
🎣 49% of respondents highlighted an attack from phishing
💽 54% of victims had their data encrypted by ransomware
🗓️ 30% of organisations take more than a month to detect known vulnerabilities.
Humans must be part of the cybersecurity solution
A new report from Gartner (Top Trends in Cybersecurity 2023) has highlighted a human-centric focus is needed, in order to establish an effective cybersecurity programme. Humans are typically the weak link in the cybersecurity chain, but it’s no good trying to eliminate the human element.
ChatGPT banned in Italy
Italy became the first Western country to ban the use of and access to ChatGPT, over data privacy concerns. Other countries including China and the US have responded to ChatGPT with increased oversight with hesitations about the power of AI. Italy later reinstated access to ChatGPT after some moderations to the privacy policy and data handling standards.
Back up service Western Digital suffers outage
Users of Western Digital backup products found themselves unable to access their devices or login to the online portal and their digital backups, following a cyber attack.
Breach at the UK’s criminal records office compromises criminal conviction data
The UK’s Criminal Records Office (ACRO) suffered a significant cyber security incident that forced it to take its website offline for several days. The attack compromised more than 12,000 records as part of the outage.\
SD Worx payroll system compromised
A major European provider of HR and payroll services has suffered a breach. It was forced to shut down the IT infrastructure that supports its payroll and HR services in the UK.
Australia seeks to ban ransomware payments
Several global governments have issued statements asking that individuals and businesses don’t pay ransomware demands, in a bid to make attacks less lucrative and reduce hacker funding. It is expected that Australia will be the first to outright ban these payments, after an attack on Latitude Financial compromised driver’s license numbers, passports and financial documents among the stolen information. It is the largest hack on an Australian company to date, but follows hot on the heels of several other major breaches. What happens here will have global implications on the future of cyber security.
Eurovision expected to drive cyber incidents
Experts are warning that the popularity of Eurovision makes it a potential hotbed of scams against individuals and businesses. Trading on the Eurovision name, and the inevitable increase in searches, it is expected that fake websites and fraudulent requests to suppliers will both see a significant increase.