Cyber Attacks Continue – Make Sure Your Company is Protected
Unfortunately the start of 2015 has been a busy time for cyber criminals, with a number of attacks taking place across all industries. Here we’ll talk you through some of the top cyber-attacks that have taken place in the first quarter and what you can do to ensure your company is protected.
Missing air miles
British Airways is one of the latest companies to be knocked with an apparent cyber-attack according to BBC News. The company has received numerous complaints about air-miles points being stolen from BA’s Executive Club Scheme.
Users have reported their accounts being used by other people to book hotels and having their points wiped out completely.
However the company believes that only a small number of its frequent flyers have been affected. It has said that the attacks appear to be the result of a third party using information obtained elsewhere on the internet and at this stage there has been no unauthorised access to users’ travel histories or payment card details.
The company has been criticised for sending out emails containing links asking users to reset their password, as this is a trick often using by criminals trying to ‘phish’ users’ login details. BA has since removed the link and asked any customers with security concerns to contact its service centre.
Traffic jam at GitHub
San Francisco-based GitHub, a site that is used by more than 8 million software developers has also appeared to have experienced a cyber-attack, though this time the attacker has attempted to jam up the site and push it offline by flooding it with traffic.
The company said they are currently experiencing the largest distributed denial of a service attack in history, with sophisticated techniques being used to take over the web browsers of users and flood GitHub with too much traffic.
GitHub believe the attack is a result of content they have created, which provides China-based users with a way to by-pass local censorship controls. However the Chinese Government has been quick to deny this, saying that China is one of the major victims of cyber-attacks.
An attack on Slack
Slack, a US service that provides a way for team members to communicate with each other, has also been under attack this week. It is believed that hackers accessed a database that enabled them to view usernames, email addresses and Skye IDs of a small group of Slack users.
The company has said that passwords are encrypted and that it was ‘computationally infeasible’ for hackers to unscramble them; however they have stepped up security with two-factor authentication as a way of further protecting their users’ accounts.
It’s recently been reported that login details for Uber are being offered for sale for as little as a dollar online. Some Uber account holders are also complaining on social media that their accounts are being used without their permission and racking up expensive bills.
The company has said it’s taking the issue very seriously, however so far they have found no evidence of a breach at Uber. Users are being encouraged to use strong and unique usernames and passwords to help keep their accounts safe.
British Judo Association breach
On the 20th March, the British Judo Association announced that it had temporarily shut down its online membership application system, after a cyber-criminal appeared to have stolen some members’ details, despite it being PCI compliant.
It is believed that the intruder stole the credit card details of a number of members. The British Judo Association has therefore warned all of its members to remain vigilant and monitor their credit cards and bank accounts for suspicious activity. If members do spot any suspicious or unauthorised transactions, they need to contact their credit or debit card suppliers immediately.
Although the British Judo Association has not confirmed exactly how many members have been affected, they have said it is a small number. According to their spokesperson, it is only the online membership application and renewal system that has been compromised, not the main database.
A forensic investigator has been appointed to assist the company in analysing the cyber breach.
Trouble for TalkTalk
TalkTalk has recently admitted that it suffered a major breach of sensitive user information, which potentially led to some customers handing over their bank details to cyber criminals.
In an email to its subscribers, TalkTalk said it saw a big increase in malicious scammers claiming to be part of the company at the end of 2014. After conducting an investigation, the company confirmed that some subscriber information, such as names, addresses, phone numbers and account numbers may have been illegally accessed and believed the scammers quoted some of this information to customers.
TalkTalk has said that it is supporting the small number of customers who have been directly targeted by the cyber criminals. They also said they were liaising with the UK data watchdog and would be writing to all of their customers about the criminal activity.
Suspected cyber-attack on the BBC
In April the words ‘Cybercaliphate’ and ‘je suis IS” flashed up on the BBC News channel in what was feared to be a cyber-attack by Isis. The news came just hours after supporters of the Islamic State hacked French television network TV5 Monde, blacking out eleven of its channels and taking over both its website and social media accounts.
The BBC news channel was broadcasting a segment on the Trident nuclear missile defence system, when it suddenly cut out. It was quickly replaced by a shot of a screen displaying the words ‘Cybercaliphate” and “je suis IS” in red and black writing, before the news anchor apologised and the broadcast resumed.
Whilst many called it a cyber-attack, a spokesperson for the BBC claimed the interruption was not the result of a hack but a mistake. They said that a graphic being used in BBC reports about the French cyber-attack had accidently been used in the wrong news item.
New railway system could be a complete train crash
According to the latest news reports, a new railway signalling system that is being trialled in the UK could be vulnerable to a cyber-attack, which could potentially lead to a train crash. The new digital system, which is being tested as a way to make train lines safer, could be exposed to malicious software (known as malware) and end up causing a nasty accident.
Internet Security Expert, Professor David Stupples has said that clever malware could alter the way a train would respond. Network Rail, the company in charge of the upgrade, which will be implemented by 2020, acknowledged the risk and said it would continue to improve the digital technology and ensure the right controls were in place.
Keeping your company protected
With so many high profile companies facing cyber-attacks at the start of 2015, it’s no wonder that many small businesses have been left running scared. Many companies fear that if large companies can be hacked, then their companies won’t stand a chance at remaining secure.
The truth is that if small businesses invest in the right IT security solutions and take the necessary measures to protect their IT systems, they do have the power to keep their data safe. Investing in security solutions and carrying out processes such as patch management, web filtering and 24/7 monitoring can help to safeguard your business against cyber-attacks.
Educating your employees on the importance of IT security is also highly recommended. Teaching them how to create strong passwords and the dangers of things like email downloads will help you to create a safer working environment.
Get in touch
If you want to find out more about how you can keep your IT systems safe, get in touch with Grant McGregor today. We provide IT consultation services to help businesses find the optimal security solutions to keep their data safe.
After reading this, if you do nothing else, then please take the first crucial step to your IT security by making your passwords stronger and more secure. Find out exactly how with this Free Password Guide!
Image credits: Robbert van der Steeg