4th January | Become Cybersafe | Neuways – Technologist

Welcome to the latest edition of the Cybersafe Cyber Threats, a weekly series in which we bring attention to the latest cyber attacks, scams, frauds, and malware including Ransomware, to ensure you stay safe online.

Here are the most prominent threats which you should be aware of:

Institution still struggling with after effects of ransomware attack months later

A database containing sensitive data used by businesses, employees and working individuals was breached several months ago. The data held by the database is valuable to a variety of businesses and employees. And more importantly, the British Library is still grappling with the aftermath of the major ransomware attack, leading to disruptions in its services that could persist for several months. The attack, claimed by the Rhysida ransomware group, impacted the library’s website, online systems, and on-site services, including Wi-Fi and electronic payments. Internal data from the HR department was also compromised. It could easily be called a business disaster.

How did the ransomware attack occur?

The attackers demanded a ransom of 20 Bitcoin (approximately £587,202) and threatened to publish the stolen data if not paid within six days. The library’s CEO, Sir Roly Keating, mentioned in a blog post recently released, that significant damage was done, and it will take time to fully restore operations. The forensic investigation is ongoing, with at least 600 gigabytes of internal data stolen. The cyber gang that managed to steal this data have almost caused a business disaster for the Library, but cyber security experts are helping them manage it.

What was stolen by the cyber criminals?

The popular EThOS collection of doctoral theses, among other services, is currently unavailable. The British Library is collaborating with law enforcement and cyber security experts, planning a phased return of key services starting in January, and reinforcing its security infrastructure to prevent future incidents.

—

Database holding sensitive company information

A reported data breach has affected Crunchbase, a platform providing extensive company information, with an unknown cyber criminal gaining access to and disclosing a substantial amount of scraped data. The breach raises concerns for 3.1 million companies and 1.2 million users on the platform. There is also data that is mainly contained in the UK but also on a global basis.

What data has been stolen in the cyber attack?

The exposed information includes contact details, social media accounts, locations, and organisational hierarchies, posing a risk for large-scale spear phishing attacks and supporting social engineering strategies. Given Crunchbase’s role as a repository for comprehensive business insights, including investment details and leadership profiles, the breach could potentially reveal sensitive information about employees and company funding.

What is the company doing to recover the data?

The data scrape was organised and acted upon by a dark web threat actor, sharing a downloadable CSV file with extensive company and user details. Despite attempts to verify the breach with Crunchbase, the organisation has not issued an official statement, leaving concerns about information security on the platform pending an official response.

There are many facets and methods used to thwart a cyber attack, but if it cannot be stopped or goes undetected, the response of a company also matters. That is where the Neuways Cybersafe framework can help. It assists companies to help recover data without it being leaked and paying a ransom.

—

More information comes to light about cyber attacks on politicians

In a recent cyber attack, Russian hackers linked to the “Star Blizzard” group associated with the FSB Centre 18 used spear-phishing techniques to compromise private conversations of high-profile UK politicians and civil servants. The Foreign Office has summoned the Russian ambassador and imposed sanctions on a Russian intelligence officer and a group member.

Who was the target of a cyber attack?

The targeted individuals include MPs, Lords, civil servants, and journalists, with attempts to influence UK politics. However, all employees at businesses need to be vigilant. The sophisticated attacks involved thorough research, preparation, and impersonation of contacts. There are concerns about potential interference in the upcoming election year. The attacks, dating back to 2015, have targeted individuals and organisations, resulting in leaked and amplified information.

What are the recommended steps for cyber security measures?

While some information has been released, a substantial amount remains at the hackers’ disposal, raising worries about future disclosures timed with the UK’s general election. Sanctions have been imposed, and the UK government is working to expose Russian covert cyber activity and ensure accountability. The incident highlights the natural and severe threats posed by Russian intelligence services, emphasising the need for enhanced cyber security measures in the face of evolving tactics by state-sponsored hackers.

—————————————————————————————————————————–

Contact Neuways to help your business become

Cybersafe

If you need any assistance with cyber security to become Cybersafe, then please contact Neuways and we will help you where we can. Just get in touch with our team today.