May was an astronomical month for data records breached, with more than 98 million records breached across 98 incidents. This compares to 4.3 million in April, 42 million in March and 29.5 million in February, but it doesn’t come close to the astounding 277.6 million in January. The majority of the 98 million breached records actually come from data which has surfaced from a breach back in March 2021, which included 74.4 million unique email addresses and 2.6 million unique domain email addresses. The breach was from Luxottica, the parent brand of Ray-Ban, Oakley and Costa, and is one of many breaches for the brand. The leak is under investigation by the FBI, and the website offering the data for sale, has been shut down.
Here’s the other top stories you need to read:
UK Ministers warn of growing Russian threat
Ministers have warned UK businesses to expect more targeted attacks from Russia-linked cyber attack groups, highlighting a growth in attacks from “ideologically motivated, rather than financially motivated” groups. Their ambition is to cause disruption and economic uncertainty, by destabilising businesses and critical infrastructure. It means businesses need to be more aware than ever of their cybersecurity features, training, and vulnerabilities.
National Cyber Security Centre encourages zero trust architecture
Historically, the approach to cybersecurity threats has been an assumption that they will originate external to the organisation i.e. that the threat will seek infiltration from another business or contact. In recent years, there has been astronomical growth in attacks which infiltrate inside organisations and their suppliers, and use the brand name credibility to originate attacks internally within the organisation. Best practice is now to employ a zero trust architecture, which assumes that any and all communications can be malicious, regardless of origin. The NCSC has released a new guide on zero trust architecture and what it means for businesses.
Combined government forces take down Russian malware
Running under code name “Operation Medusa”, cyber officials from the US, UK and allies ‘cut off the head’ of a Russian ‘Snake’ malware. The malware has infiltrated targets in more than 50 countries, and has been under investigation for more than 20 years. As a result of activity by the taskforce, a new cybertool was created, which actively forced the malware code to overwrite itself. It means that it cannot continue to spread, and is rendered ineffective.
More details on the Capita hack
Following the breach in April, more details have been emerging regarding the cyber attack on government supplier Capita, which will cost the organisation more than £20million including specialist professional fees, recovery and remediation costs, as well as investment to reinforce its cybersecurity defences and strengthen its IT security. A specialist watchdog has also received reports that 90 businesses for whom Capita held data, have had their data breached, including pension records for example.
Microsoft confirms this is the last version of Windows 10
The current version of Windows 10 will be the last one, Microsoft has confirmed, with users encouraged to move to the now available Windows 11. The retirement date feels a long way off (October 2025), but the upgrade from Window s10 to Windows 11 may require hardware upgrades too. Windows 11 requires significantly more operating power which may mean hardware upgrades, however once Microsoft retires Windows 10, it will become insecure with no new available security patches.
57% of UK businesses hit by attacks
One consistent message across all cyber attack research is that a lot of businesses are being hit, and not all defences are standing up. New research from ISMS online has found that more than half (57%) of UK businesses have been impacted because of a cyber security/information security incident caused by a third-party vendor or supply chain partner. The data was published as part of their State of Information Security report which surveys 500 Information Security employees.
Cyber a bigger business risk than the economy
According to research from Palo Alto Networks, CEOs are more concerned about the potential impact of cybersecurity incidents than they are about economic turbulence. The survey of more than 2,000 CEOs found that they view cybersecurity as a considerable risk, but also don’t view it as their responsibility. Cybersecurity only works if everyone is engaged at every level, and if responsibility is equally applied.
Malware warning – Bian Lian
A number of government bodies are warning of a change to the Bian Lian malware that is making it more dangerous. Originally an encryption malware, it historically encrypted files and extorted victims, focussing on financial gain. Now, the latest version of the malware has adopted a stealth practice, enabling it to actively steal data while leaving networks in tact. This makes it harder to detect, and harder to track too.
App update steals data
Serving as an important reminder to delete any apps that you aren’t actively using, and to install mobile antivirus and security, an android app update is one of a few to have been found with new malicious intent. The popular “iRecorder – Screen Recorder” app has been available on the Play Store for over a year, and was originally an innocuous app. A new update has now turned the app rogue, enabling it to steal information and microphone recordings from the phone.
Fake reviews become illegal
Surprisingly, leaving a fake review was not yet illegal, but became illegal under the new Digital Markets, Competition and Consumer Bill, at the beginning of May. It makes it illegal to buy, sell, and host fake reviews, and will do more to support consumer decision-making and trust. See all the details +
Council published employee data
Not all breaches are malicious, as highlighted by the recent incident at South Lanarkshire Council. Following a Freedom of Information request, a spreadsheet including personal employee data, salaries, and national insurance numbers of more than 15,000 employees was uploaded and shared by mistake. The FOI requested details of staff pay grades and the spreadsheet was originally supposed to include anonymised data. However, full details were disclosed by mistake.
Samsung vulnerability being actively exploited
Samsung users are being encouraged to install the latest security patches and software updates, after security flaw CVE-2023-21492 has been actively exploited. The flaw enables a privileged local attacker to bypass security and install spyware onto devices.