Cyber-incident reports from UK finance sector spiked by 1,000% in 2018
There has been a sharp rise in the number of cyber-incidents reported by the UK’s financial sector caused by hack attacks and other problems, according to official figures.
A Freedom of Information request to the Financial Conduct Authority revealed that the number of declared events rose from 69 in 2017 to 819 in 2018.
That marks a rise of more than 1,000%.
Consumer banks accounted for nearly 60% of the reports submitted to the watchdog last year.
Eurofins Scientific: Forensic services firm paid ransom after cyber-attack
The UK’s biggest provider of forensic services has paid a ransom to criminals after its IT systems were disrupted in a cyber-attack, BBC News has learned.
Eurofins Scientific was infected with a ransomware computer virus a month ago, which led British police to suspend work with the global testing company.
At the time, the firm described the attack as “highly sophisticated”.
BBC News has not been told how much money was involved in the ransom payment or when it was paid.
US wants to isolate power grids with ‘retro’ technology to limit cyber-attacks
SEIA bill, inspired by the 2015 cyber-attack on Ukraine’s power grid, passes Senate.
The US is very close to improving power grid security by mandating the use of “retro” (analog, manual) technologies on US power grids as a defensive measure against foreign cyber-attacks that could bring down power distribution.
The idea is to use “retro” technology to isolate the grid’s most important control systems, to limit the reach of a catastrophic outage.
Orvibo data leak puts security spotlight on IoT back end
The security of devices that make up the internet of things (IoT) is a top concern for many in the industry, but leaks from an IoT database highlight the importance of back-end security too.
Researchers at virtual private network (VPN) testing and review service vpnMentor have discovered a publicly accessible database belonging to Chinese firm Orvibo, which runs a platform for managing smart home appliances for customers around the world, including the UK and the US.
The database for the platform, called SmartMate, was found to have no password protection, despite containing more than two billion logs that relate to around two million customers’ smart home devices, underlining the huge volume of data that internet of things (IoT) devices typically collect.
Over Half of Employees Don’t Adhere to Email Security Protocols
As many as 87% of 280 decision makers have predicted email threats to increase in the coming year, according to a survey by Barracuda Networks.
According to its blog post, many organizations are admitting to being vastly unprepared when it comes to email security, with 94% admitting that “email is still the most vulnerable part of organizations’ security postures.”
“Unsurprisingly, finance departments seem to experience the most attacks, with 57% identifying it as the most targeted department,” explained Chris Ross, senior vice-president of international sales at Barracuda. “What was surprising was the rise in customer support attacks; a not insignificant 32% identified this as their most attacked department in what could indicate a new emerging trend for would-be attackers.”
Google calendar scam puts strange events into people’s schedule to trick them into being attacked
Phantom invitations are secretly being planted by cyber criminals.
Strange invitations are showing up in people’s calendars as part of a dangerous scam, cyber security experts have warned.
The unwelcome events are actually ways of tricking people into cyber attacks that could see their data or money stolen.
Criminals are carrying out the exploit by inviting people to events through Google Calendar, which places that event into their schedule. That then serves as a link out to a URL – where a variety of different cyber threats might be lurking for anyone who clicks.