Welcome to the latest edition of the Neu Cyber Threats, a weekly series in which we bring attention to the latest cyber attacks, scams, frauds, malware including Ransomware and DDoS, in order to ensure you stay safe online.

Here are the most prominent threats which you should be aware of:

 

Dropbox

Cambridge Water customer’s bank account details have been posted to the dark web

A cyber attack has left Cambridge Water customers’ bank details available to cyber criminals on the dark web. Details leaked include full names, addresses, sort codes and account numbers, leaving customers understandably worried and angry. The data was stolen from its parent company South Staffordshire PLC.

Customers were informed about the breach and the fact that cyber criminals may attempt to use their data for fraud, such as submitting false Debit Card mandates. The company’s managing director has released a statement regarding the data breach apologising to customers for breaking their trust. They have also opened a helpline and provided customers with years of free credit monitoring. Although customers have been reassured, South Staffordshire PLC engaged leading IT forensic experts to investigate the issue. They also notified the National Cyber Criminal Security Centre, the National Crime Agency, the Information Commissioner’s Office (ICO), Ofwat and the Consumer Council for Water, as well as the Drinking Water Inspectorate.

Operations suspended in French hospital due to cyber attack

In total, six patients were transferred to other hospitals due to the cyber attack, three from intensive care and three from neonatal, with more expected to follow in the next few days. The regional health agency assured the public that the hospital was doing everything it could to keep walk-ins and consultations available.

There is a group of hackers behind the attacks that demand a ransom, according to Richard Delepierre, a co-chairman of the establishment’s supervisory board.

The attack affected the intensive care machine screens, which were no longer operating as part of a network, despite continuing to function, this led to extra staff being called in to help. The minister has stated the attack has led to a total reorganisation of the hospital.

In the meantime, the Paris prosecutor’s office has launched an investigation into hacking state data and attempted extortion after the hospital filed a complaint.

Data from a cyber attack on Intersport posted on a dark web

International sports retailer Intersport suffered a cyber attack during Black Friday week, and the stolen data appeared on the blog at the beginning of this week. Ransomware group Hive posted images of the hacked site onto the dark web, suggesting that the company didn’t pay the requested ransom. On the other hand, no details of any ransom were revealed as well as information about the attack affecting the company’s and customers’ data outside of France. During the cyber attack, Intersport confirmed they were unable to access cash registers and loyalty and gift card systems for a few days.

“Ransomware group Hive has breached over 1300 companies worldwide and has received around $100m in ransom payments”, stated FBI advisory last month.

Hive access victims’ networks by using single-factor logins via remote desktop protocols and virtual private networks, but they also successfully bypassed multi-factor authentication and exploited vulnerabilities in systems such as Microsoft Exchange Server in the past.

It is important that businesses use multi-factor authentication to stay on top of their cyber security as well as keep patching all the software to the latest updates.

If you are concerned about any cyber security issues within your business, contact us today on 01283 753 333 or email hello@neuways.com.