UK Security Officials Report 50% Surge in Cyberattacks Over the Past Year | Cybercrime Insights

‘Extremely serious’ cyber-attacks have surged by 50% over the past year, with UK security agencies now addressing a new nationally significant attack every two days, according to the latest data from the National Cyber Security Center (NCSC).

In what officials are calling a “call to arms,” national security leaders and ministers are encouraging all organizations, from small businesses to major corporations, to develop contingency strategies for the possibility that their IT infrastructure is compromised tomorrow and all their screens go blank.

The NCSC, a division of GCHQ, stated in its annual report released on Tuesday that a “highly sophisticated” China, along with a “competent yet reckless” Russia, Iran, and North Korea, represent the primary national threats. This rise is fueled by ransomware attacks from profit-driven criminals and society’s growing dependence on technology, resulting in more potential targets for hackers.

Prime Minister Rachel Reeves, Security Secretary Dan Jarvis, and Technology and Business Secretaries Liz Kendall and Peter Kyle have contacted the leaders of hundreds of the UK’s largest companies, urging them to elevate cyber resilience to a board-level concern and cautioning that hostile cyber activities in the UK are becoming “more intense, frequent, and sophisticated.”

“We must not make ourselves an easy target,” stated Anne Keast-Butler, GCHQ’s director. “It’s critical to prioritize cyber risk management, integrate it into governance, and set a tone from the top.”

The NCSC dealt with 429 cyber incidents in the year to September, with nearly half considered to be of national significance, a figure that has more than doubled in the last year. Among these, eighteen incidents were categorized as “very serious,” indicating they profoundly affected governments, essential services, the public, and the economy. Many of these were ransomware attacks, with Marks & Spencer and Co-op Group among those heavily impacted.

“Cybercrime poses a significant threat to our economy’s security, businesses, and the lives of individuals,” Jarvis remarked. “We are working tirelessly to combat these threats and support organizations of all sizes, but we cannot do this alone.”

The NCSC refrained from commenting on reports suggesting it is investigating possible Russian involvement in the severe attack on Jaguar Land Rover, which has halted production. This report indicated that Russia is encouraging unofficial “hacktivists” to target the UK, the USA, as well as European and NATO nations.




Last month, a cyberattack disrupted passenger services at numerous European airports, including London Heathrow.

Overall, the number of attacks up to September signifies the highest level of cyber threat activity recorded by the NCSC in the last nine years. For the first time in a year, the UK and its allies have detected Russian military units executing cyber attacks, provided recommendations against a China-linked campaign affecting thousands of devices, and raised alarms over cyber attackers affiliated with Iran, as noted by the NCSC. Domestic threats also persist, with two 17-year-old boys arrested in Hertfordshire last week following an alleged ransomware hack of children’s data from the Kido nursery chain.


Hackers are increasingly incorporating artificial intelligence (AI) to enhance their activities, and although the NCSC has not yet encountered an AI-driven attack, they predict that “AI will almost certainly present cyber resilience challenges by 2027 and beyond.”

“We observe attackers improving their capacity to inflict significant damage on the organizations they compromise and those dependent on them,” commented Richard Horne, NCSC’s chief executive. “Their disregard for their targets and the harm they cause is clear. This is why all organizations must take action.”

He emphasized the psychological toll inflicted on victims of cyberattacks, stating, “I have been in numerous meetings with individuals profoundly affected by cyberattacks on their organizations. I am aware of the anxiety, the sleepless nights, and the consequent turmoil caused by such disruptions for employees, suppliers, and customers.”



Source: www.theguardian.com

60% of British Secondary Schools Targeted by Cyberattacks in the Past Year | Cybercrime

Last month, when hackers targeted UK nursery schools and leaked child data online, they faced accusations of reaching a new low.

Nonetheless, the wider education sector is more familiar with being a target.

As per the British Government Survey, educational institutions are at a higher risk of cyberattacks or security breaches than private businesses.

Over the past year, six out of ten middle schools have experienced attacks or breaches, while more than 80% of universities and 90% of higher education institutions have faced similar issues. In contrast, only four out of ten companies reported violations or breaches, a statistic comparable to elementary schools.

Toby Lewis, global threat analysis director at cybersecurity firm Darktrace, notes that the UK education sector isn’t necessarily a specific target. “They are caught in the dragnet of cybercrime,” he explained, mentioning the “element of randomness and opportunism” involved in cybercrime victim selection.

Last week, the BBC highlighted that Kido, a nursery business targeted by hacking groups identified as Shinekase, had its system compromised after “early access brokers” sold access to Kido’s system, a scenario common in cybercrime circles.

Data from the annual Cybersecurity Violation Survey is derived from over 30 higher education institutions, almost 300 secondary and elementary schools in the UK, and various universities. The survey defines a cyberattack as an “attempt” to breach a target IT system, which includes sending “phishing” emails designed to deceive recipients into disclosing sensitive information, such as passwords.

Phishing emails constitute the most prevalent type of attacks on universities and schools.

Ransomware attacks have become widely recognized forms of cybercrime in the UK, wherein attackers encrypt IT systems to steal data and demand Bitcoin payments for decryption and the return of data.

The West Lothian Council’s education network has encountered ransomware attacks this year, resulting in data being obtained from several schools, with recent attacks also reported at Newcastle University, Manchester University, and Wolverhampton University.

Lewis suggests that state schools might be more susceptible due to funding pressures and a lack of expertise, while universities also face risks because they contain thousands of young students who may not be cybersecurity-savvy, along with computer networks designed to facilitate academic collaboration.

Colleges appear to be a favored target, and higher education institutions are reportedly the most frequently affected, with three in ten experiencing violations or attacks weekly, according to government data. Nonetheless, the education sector may be more conscious of government initiatives on cybercrime prevention than businesses and charities.

Pepe Dilacio, general secretary of the British Schools Association and the Association of University Leaders, remarked that ransomware attacks pose a “major risk” and emphasized the ongoing efforts to safeguard systems and data.

James Bowen, assistant secretary at the National Association of Principals, welcomed additional government funding to assist school leaders in identifying and responding to cyber threats.

The Ministry of Education stated that the school’s support includes a dedicated team to handle cyber incidents and collaborate closely with the UK’s National Cybersecurity Centre to provide complimentary training for school staff. “We take cybersecurity in schools seriously and understand the significant disruption attacks can cause, and we offer a wide range of support to schools,” said a spokesperson.

Following backlash from the hack, Kido hackers have deleted data obtained from the company, including child profiles.

However, government data indicates that the education sector continues to be a target. Ministers are preparing schools, the NHS, and local councils to potentially pay ransoms under government proposals aimed at combating hackers. In the meantime, attacks continue.

Source: www.theguardian.com

Report Reveals Over 25% of UK Companies Targeted by Cyberattacks Last Year | Job

Reports indicate that numerous companies across four UK sectors have fallen prey to cyberattacks, putting the situation at risk unless they take immediate measures.

A survey of facilities conducted by facility managers, service providers, and chartered surveyors under RICS and shared with the Guardian revealed that many buildings experienced cyberattacks in the last year. This figure has risen from 16% the previous year.

Nearly three-quarters of over 8,000 business leaders (73%) anticipate that cybersecurity incidents will impact their operations in the next 12-24 months. RICS has recognized cybersecurity and digital risks as significant and rapidly evolving threats for building owners and occupants.

Marks & Spencer had to pause orders on its website for nearly seven weeks following a major attack in April, causing clothing sales to fall significantly until May 25th. They lost market share to competitors such as Next, Zara, and H&M.

As cybercriminal techniques advance, incidents targeting critical infrastructure and data breaches have become increasingly frequent, as noted by RICS. This trend will likely intensify with the enhanced capabilities of artificial intelligence and rapid technological advancements.

RICS cautioned that some buildings might be relying on dangerously outdated operating systems. For instance, a building that was opened in 2013 might still be using Windows 7, which has not received security updates from Microsoft for over five years.

Paul Bagust, head of the property practice at RICS, remarked: “Buildings have transformed from mere bricks and mortar into smart, interconnected digital environments that leverage continuously evolving technology to enhance the experience of occupancy.

This technology collects data to inform decision-making. At the levels of property management, building users, occupants, and owners, these advancements provide various benefits, including enhanced efficiency and reduced environmental impact. However, they also present multiple risks and vulnerabilities that could be exploited by malicious entities.”

The report highlights operational technologies such as building management systems, CCTV networks, Internet of Things devices, and access control systems as potential risk areas. This encompasses everything from automated lighting and heating to building management systems and advanced security protocols.


Bagust further commented: “It’s challenging to envision a scenario where technology does not continue to elevate the risks within building operations. Identifying these burgeoning digital challenges and implementing adequate security measures is essential but increasingly complex.”

Source: www.theguardian.com

NCA Investigates Cyberattacks on UK Retailers Linked to Scattered Spiders | Hacking

The hacker group referred to as the Scattered Spiders is a major focus in criminal investigations concerning cyberattacks against UK retailers, including Marks & Spencer, according to detectives.

The Scattered Spiders, a loosely organized collective of native English-speaking cybercriminals, have been strongly associated with hacking incidents involving M&S, cooperatives, and Harrods. M&S announced on Wednesday that it anticipates a financial impact of approximately £300 million following the recent system breach.

The UK’s National Crime Agency, tasked with combating cybercrime, stated that investigating this group is a priority.

“We are aware of groups publicly identified as Scattered Spiders, yet we maintain various theories as we pursue the evidence to identify the perpetrator,” I informed the BBC.

He added: “Given the extent of the damage we’re witnessing, apprehending the individual responsible for these attacks is our foremost objective.”

Last week, Google informed the Guardian that its UK-based members of the Scattered Spiders were actively “promoting” cyberattacks and warned the US that efforts to infiltrate the UK retailers’ systems were being mirrored in the US.

Targeting specific industries and locations is a common strategy among the Scattered Spider community, who utilize platforms like Discord and Telegram for communication.

Hackers affiliated with M&S deploy ransomware or malicious software that encrypts targeted files. This type of cybercrime is typically associated with Russian-speaking gangs, rather than native English speakers from the UK or the US.

“We are aware that Scattered Spiders predominantly communicate in English, but this does not necessarily imply that they are located in the UK. They engage in online discussions across a variety of platforms and channels.”

Reportedly, these hackers have utilized ransomware known as Dragon Force in their operations, functioning as a ransomware as a service that leverages another group of malware and infrastructure to distribute financial gains from attacks. Ransomware attackers generally request payment in cryptocurrency to unlock encrypted files and return stolen data.


Insights into the suspected Scattered Spiders can be found in a report from the US Department of Justice, which charged five individuals last year for targeting an unnamed American company through a “phishing” text message.

All defendants were in their twenties at the time of the allegations, with ages ranging from 20 to 25. Among them was Tyler Buchanan, 23, hailing from Scotland, who was extradited from Spain to the US.

Google also mentioned that “younger members” of the network often carry out various tasks, such as calling the company’s IT help desk or impersonating employees or contractors to gain access to computer systems. A former teenage hacker cited by the BBC remarked that it “would not surprise me” if a teenage hacker was behind a retail attack.

Source: www.theguardian.com

Google: Britain’s Dispersed Spider Hackers Are “Encouraging” Cyberattacks

As reported by Google, members of the UK-based spider-hacking community are actively “promoting” cyberattacks amid the increasing disruption faced by UK retailers in the US market.

A hacker collective known as the “scattered spiders” has been connected to attacks on British retailers such as Marks & Spencer, Co-op, and Harrods. Google Cybersecurity experts have now warned that unidentified retailers in the Atlantic region are also under threat.

Charles Carmakal, the chief technology officer for Google’s Mandiant Cybersecurity division, noted that the threat has shifted to the US, following a pattern commonly observed with scattered spider attackers.


“They focus on a specific industrial sector and geographic location for a short period, before moving on to a new target,” he explained. “Currently, their attention is on retail organizations. They began in the UK and have now extended their focus to firms in the US.”

When asked about the involvement of British members in the M&S hacking, he stated, “While I can’t name specific victims, it’s clear that UK-based scattered spider members are promoting and facilitating these incursions.”

On Friday, it was disclosed that M&S alerted employees that some personal data may have been compromised during a cyber attack last month. Sources informed the Daily Telegraph that staff members were notified that their email addresses and full names were potentially exposed in the breach.

Earlier this week, M&S reported that hackers had accessed personal information of thousands of customers.

In light of these attacks on UK retailers, cybersecurity agencies have urged businesses to remain vigilant and aware of specific tactics employed by scattered spiders.

In an advisory notice, the National Cyber Security Center recommended businesses to leverage IT support to assist staff in resetting their passwords. One tactic associated with scattered spiders—named for a set of hacking tactics rather than a unified group—involves calling help desks to gain access to corporate systems while impersonating an employee or contractor.

“We have observed instances where they call the help desk, masquerade as employees, and convince the staff to reset their passwords,” Carmakal explained.

Carmakal also noted that these calls to help desks are sometimes made by younger members of the scattered spider network.

“It’s not always the threat actor themselves making the call… some tasks are outsourced to other community members, often younger individuals looking to earn some quick money through various schemes and inconsistencies,” he shared.


Scattered spiders primarily consist of native English speakers from the UK, US, and Canada, which sets them apart from other ransomware groups. Carmakal mentioned that he has received reports of “numerous calls” made by scattered spider hackers to corporate employees.

Ransomware gangs typically infiltrate target computer systems with malware that effectively locks users out of their internal files. These groups usually originate from Russia or former Soviet states.

Carmakal’s remarks coincided with French luxury brand Dior disclosing that “fraudulent external parties” had accessed some customer data. The Paris-based brand has yet to clarify the nature or extent of the attacker’s incursions.

This week, Google’s cybersecurity team affirmed that scattered spiders have shifted their focus to US retailers.

“We are dedicated to offering a variety of services to our customers,” stated John Hultquist, chief analyst at Google Threat Intelligence Group. “The group that originally targeted retail in the UK, after a significant hiatus, has a track record of concentrating on one sector at a time, and we anticipate they will continue to prioritize this sector in the near future. US retailers should exercise caution.”

Source: www.theguardian.com

Harrods Becomes the Latest Retailer Targeted by Cyberattacks

A few days after Marks & Spencer and the cooperative were targeted, Harrods experienced a cyber attack.

The luxury retailer had to shut down several systems temporarily; however, all stores, including its website, Knightsbridge flagship, H Beauty, and Airport Outlet, remain operational. Retailers became aware of the cyber threats earlier this week.

In a statement, Harrods disclosed: “We have recently encountered attempts to gain unauthorized access to parts of our system. Our experienced IT security team swiftly took proactive measures to secure the system, which led to restricting internet access on our site today.”

The retailer stated that it has not requested any action from its customers, suggesting confidence that data has not been compromised. “We will provide updates as necessary.”

Reported first by Sky News, the Harrods incident unfolds as M&S grapples with challenges stemming from cyberattacks linked to widespread hacking.

M&S has had to pause orders for nearly a week, leading to a loss exceeding £650 million in stock market value. Additionally, the automated inventory system failure has resulted in empty store shelves, while the loyalty program and gift card transactions are suspended.

On Thursday, M&S announced it had halted the hiring of new employees.

The company removed all online job postings from its site while it addresses the fallout from the cyber attack that forced M&S to close its online store.

A note on M&S’s Jobs webpage states, “I’m sorry, but I can’t search or apply for a role right now. I’m working diligently to restore our services as soon as possible.”

Despite having over 200 job openings the previous week, the company, employing approximately 65,000 people across its stores and London headquarters, did not list any positions on Thursday.

A spokesperson stated: “While managing these cyber incidents, we are temporarily pausing some of our usual processes to ensure we can continue delivering the best M&S experience for our customers and employees.”

The cooperative also had to disable some internal systems and warned staff to be cautious with their cameras during online meetings after detecting hacking attempts. Stores and online services are still running normally.

Retailers may face similar methods used across various businesses, as many share the same systems as M&S and the cooperatives.


It remains uncertain whether the cyberattacks affecting these three retailers are coordinated by the same group or carried out independently.

The National Cyber Security Center (NCSC) is collaborating with M&S and the cooperative to understand the nature of both incidents and is looking into potential connections. The Metropolitan Police confirmed on Wednesday that cybercrime detectives, alongside teams from the National Crime Agency, are investigating the attack on M&S.

NCSC CEO Richard Horne remarked that the cyber incident should act as a wake-up call for all organizations, urging businesses to ensure they have adequate measures in place for prevention and effective response.

He added: “The NCSC is committed to closely supporting the organizations reporting these incidents to fully comprehend the nature of these attacks and offer expert advice to the wider industry based on the threat landscape.”

In recent years, retailers and their suppliers have faced multiple cyberattacks, including an incident affecting Morrisons due to a problem at high-tech supplier Blue Yonder last Christmas.

In 2023, WH Smith experienced a data breach where sensitive company data, including personal information of current and former employees, was accessed illegally. This occurred less than a year after a cyber incident on WH Smith’s Funky Pigeon website resulted in a week-long suspension of orders.

Source: www.theguardian.com

Experts warn of increasing cyberattacks tied to Chinese intelligence agencies

Analysts have warned of the increasing power and frequency of cyberattacks linked to Chinese intelligence as foreign governments test their response. This comes in the wake of revelations concerning a large-scale hack of British data.

Both the British and American governments disclosed that the hacking group Advanced Persistent Threat 31 (APT 31), supported by Chinese government spy agencies, has been targeting politicians, national security officials, journalists, and businesses for several years. They have been accused of carrying out cyber attacks. In the UK, hackers potentially accessed information held by the Electoral Commission on tens of millions of British voters, and cyber espionage targeted MPs who have been vocal about the threat posed by China. Sanctions have been announced against Chinese companies and individuals involved by both the US and UK governments.

New Zealand’s government also expressed concerns to the Chinese government about Beijing’s involvement in attacks aimed at the country’s parliamentary institutions in 2021.

Analysts informed the Guardian that there are clear indications of a rise in cyberattacks believed to be orchestrated by Chinese attackers with ties to Chinese intelligence and government.

Chong Che, an analyst at Taiwan-based cyber threat analysis firm T5, stated, “Some hacking groups often rely on China to carry out attacks on specific targets, such as the recent iSoon Information incident. It’s an information security company that has a contract with intelligence agencies.” T5 has observed an increase in constantly evolving hacking activity by Chinese groups in the Pacific region and Taiwan over the past three years.

Chong also mentioned that while there isn’t enough information to directly trace activities to China’s highest leadership (with the Chinese government denying the allegations), activity can’t be discounted considering the Chinese system that does not differentiate… They believe that their objective is to infiltrate specific targets and steal critical information and intelligence, whether political, military, or commercial.

Several analysts noted that Western governments have become more willing to attribute cyberattacks to China after years of avoiding confrontation with the world’s second-largest economy.

David Tuffley, senior lecturer in cybersecurity at Australia’s Griffith University, remarked, “We’ve shifted from being less critical in the past to being more proactive, likely due to the increased threat and scale of actual intrusions. They are now a much more significant threat.” Cyberattacks are part of China’s gray zone activities, actions that approach but do not reach the threshold of war.

Tuffley highlighted that while much of the cyber activity is regionally focused on Taiwan and countries in the South China Sea with territorial claims, the cyberattacks are widespread. China aims to cause instability in the target country and test adversary defenses, rather than engage in violent war.

Tuffley warned of the risk of escalation, noting that other governments like the US and UK also possess sophisticated cyber espionage capabilities but have not publicly threatened action against China. US authorities charged individuals with conducting cyberattacks in violation of US law, suggesting a deep level of knowledge about the attacks.

Adam Marais, chief information security officer at Arctic Wolf, commented, “If you’ve been involved in cybersecurity for many years, this report from UK authorities won’t surprise you at all. Beijing continues to view cyber as a natural extension of its national strategy and has little fear of using cyber technology to advance its national interests.”

Source: www.theguardian.com