Welcome to the latest edition of the Neu Cyber Threats, a weekly series in which we bring attention to the latest cyber attacks, scams, frauds, malware including Ransomware and DDoS, in order to ensure you stay safe online.

Here are the most prominent threats which you should be aware of:

 

Interserve

Interserve Group Ltd fined £4.4m after cyber attack compromises staff’s personal information 

The Information Commissioner’s Office issued a £4.4m fine to Interserve following a cyber attack in May 2020 which breached data protection law and compromised personal information, such as contact details, national insurance numbers and bank account information, of around 113,00 employees.

The cyber criminals used a phishing email to gain access to the sensitive data. The company’s security system failed to block or quarantine this email, which contained malware. The employee who received the email forwarded it to a colleague, who then opened it and downloaded the content, resulting in the installation of malware.

Interserve’s anti-virus software quarantined the malware and sent an alert. However, the company failed to investigate the activity properly and therefore didn’t recognise that the hacker still had access to the company’s systems, resulting in a hefty fine.

Because the company failed to launch a thorough investigation into the attack, the cyber criminal accessed 283 systems and 16 accounts and managed to uninstall the anti-virus software and encrypt employees’ information.

After the Information Commissioner’s Office investigation, Interserve was found to have used outdated software and lacked staff training. Interserve released a statement disputing claims that its system and its staff’s response were inadequate, pointing to its engaging leading cyber response companies, investing in its operating systems to control the cyber attack’s impact on its staff and prioritising the impacts on past and present staff.

For more information on phishing attacks and how to protect your business from them, please visit: https://neuways.com/cyber-security/phishing-awareness-training/

Hacker group LockBit 3.0 demand £54m ransom from Pendragon

This week Pendragon, one of the UK’s leading automotive retailers, has been hit with a cyber attack resulting in a £54m ransom being demanded by hacker group LockBit 3.0, who have threatened to release sensitive data obtained by hacking into the company’s IT servers.

Pendragon released a statement saying they were aware of suspicious activity on their IT systems, confirming it to be an IT security incident. However, the incident has not affected the company’s ability to operate as usual, and they said they have put the correct steps in place to contain the incident.

Furthermore, Pendragon’s security specialists have launched an investigation to fully understand what has happened and report these findings to their customers and partners.

Health giant Medibank confirms customers’ private data exposed in cyber attack

Australia’s largest private healthcare insurer has confirmed a recent cyber attack on its systems that has compromised millions of customers’ data, including names, addresses, birthdates, contact information, Medicare numbers and claims data.

Medibank has warned customers that the amount of exposed data is likely to grow, after it had stated there was no evidence the attack had compromised any customer data.

The private healthcare insurer has called the findings a “distressing development”, and has apologised to its customers. The company has been working with agencies of the federal government, launching a criminal investigation.

As a result of the data breach, Medibank has decided to postpone its rate rise from 1st November 2022 to 16th January 2023, providing some relief for understandably distressed and fearful customers.

If you are concerned about any cyber security issues within your business, contact us today on 01283 753 333 or email hello@neuways.com.