Cyberthreat News Round-Up
Cyberthreat News is a monthly round-up of key cybersecurity stories. It highlights the scale and complexity of the threats faced by people and businesses in the UK. These attacks are costly and a drain on the economy, leaving them to pay for hardware, software, incident response and consulting. They cause disruption and upheaval as well as personal distress and loss of income. They are also often opportunistic as attackers follow the money. ‘Off the shelf’ tools mean less technically proficient criminals can now carry out attacks. And malware is evolving in ways that harm and degrade victims as well as steal credentials.
One of the largest known cyber-espionage campaigns is targeting companies that run critical US infrastructure, according to Western intelligence agencies and Microsoft. The group behind the campaign, called Volt Typhoon, appears to be developing capabilities that could disrupt oil and gas pipelines, rail systems, as well as US-Asia communications networks in the event of a crisis.
Big British firms, including Marks and Spencer, Unilever, the BBC and BA, were hit by attacks on their outsourcing suppliers. Attacks on UK-based firm Capita put staff data at risk and resulted in costs of £19.3 million for professional fees, recovery and remediation costs as well as investment to strengthen the security system. A Russian-speaking criminal gang was behind the breach, which exploited flaws in Zellis file-transfer software.
With people spending more time working remotely, the focus on cybersecurity is increasing. Cybercriminals are capitalising on this trend and phishing attacks on individuals continue to rise. However, the impact on businesses is more acute as attacks against them have increased, especially those that operate remote sites or rely heavily on remote workers.