Cyber Security Newsletter Week 2

Hackers steal data from United Nations

Hackers have broken into the computer network of the United Nations and made off with data. Cyber criminals were able to gain access simply by using login credentials from a UN employee. The enterpris resource planning system is how the attackers gained access. The attackers aim was to compromise large numbers of users within the network. The first entry was April 5th 2021 and that network intrusion continued to take place August 7th.
Usernames and passwords used in the attack were brought from a website on the dark web

Solutions:
• User awareness
• Vulnerability Scanning
• Regular update passwords

Widespread phishing campaign targets passwords

Microsoft has warned Office365 customers of a widespread credential phishing campaign using open redirector links. Attackers use these links alongside social engineering techniques in emails. The links redirect victims to a legitimate Google reCAPTCHA page leading to a fake login page where credentials are then stolen. The Microsoft 365 Defender Threat Intelligence Team has published a blog on the issue. As of 31st July 2021, SERS had received
more than 6,900,000 reports, with the removal of more than 55,300 scams and 105,000 URLs We recommend forwarding emails you’re unsure about to the Suspicious Email Reporting Service (SERS) at report@phishing.gov.uk.

Solutions:
• Phishing
• User awareness Training
• Patching and regular updates

Prison for BEC scheme money launderer

A US resident, who admitted to laundering tens of millions of dollars stolen by cybercriminals in various wire and bank fraud schemes, is to spend the next 140 months in a US prison. Business email compromise (BEC) scams and cyber-enabled bank heists perpetrated by North Korean hackers. In one of the money-laundering cases, they recruited and organized individuals to withdraw stolen cash from ATMs. Further laundered the stolen money through wire transfers, cash withdrawals, and by exchanging the funds for cryptocurrency. Business email compromise (BEC) is a type of email cybercrime scam in which an attacker targets a business to defraud the company. Business email compromise is a large and growing problem that targets organizations of all sizes across every industry around the world. BEC scams have exposed organizations to billions of dollars in potential losses.

Solutions:
• Email Protection (Mimecast)
• Multi-factor authentication (MFA)
• User Awareness training

HSE Cyber-attack: Health service recovering

The 36-year-old mother of two was waiting for her radiation treatment that afternoon for sarcoma, a rare and aggressive form of brain cancer. On 14 May, when the attack occurred, Ms Cullen was nearing the final stages of her
treatment, having been diagnosed in September 2020. Ransomware attacks involve a criminal group using a form of malware to gain entry to a system, encrypting important data and then demanding a payment in return for
decrypting it. The attack in May was unprecedented in the history of the Irish state, affecting almost every part of its healthcare system, already worn down by more than a year of fighting Covid-19. Scrambling to deal with the situation, staff reverted to a paper system and the number of appointments in some areas dropped by 80% in the days after the attack. Although it has been almost four months since the attack, the Health Service Executive (HSE), Ireland's healthcare service, is still feeling the direct and indirect effects. A section of its website remains devoted to giving updates on services across the country.

It notes that emergency departments remain very busy because of the hack, many x-ray appointments remain cancelled, and staff still do not have access to their own emails. The HSE says that more than 95% of all servers and
devices have been restored.

Solutions:
• Ransomware Protection
• Regular Patching
• End-point protection