Archive for January 21, 2023

UK’s NCSC Finds Ransomware And Phishing Amongst The Biggest Threats To The Charity Sector

Posted in Commentary on January 21, 2023 by itnerd

The latest report from the UK’s National Cyber Security Centre (NCSC) has found that phishing and ransomware are among the biggest threats to the charity sector:

The report, published by the NCSC in association with the Charity Commission for England and Wales, explains why charities might be targeted and the challenges they face when compared to business and government organisations. For example, charities are more likely to rely on staff using their own IT (also known as Bring your own Device or BYOD), and these are harder to secure than devices that are owned (and managed) by the organisation itself.

It includes case studies from the sector to bring the report to life, as well as key statistics from the DCMS’s Cyber Security Breaches Survey. Crucially, it also directs readers to a range of online resources, so you can put in place the necessary measures to protect your charity and donors. These resources include the new Funded Cyber Essentials Programme, which offers eligible charities free support to put protections in place.

Given that we currently live in times when the most vulnerable need help from charities, this is not good news:

Dr. Darren Williams, CEO and Founder of BlackFog, had this to say:

Phishing and more specifically spear phishing is the tool of choice for most cyber gangs in order to breach an organization and launch a ransomware attack. As we have seen from this year’s annual statistics (https://www.blackfog.com/2022-ransomware-attack-report/), ransomware continues to break new records each month, with 2022 ending with a record number of attacks and an overall 29% increase over 2021. We continue to see specific sectors such as education and government become the most targeted, with charities falling into the same category as they are seen as low-hanging fruit without adequate resources for protection, both in terms of skilled cyber professionals as well as cybersecurity technology. Since the goal of any attack is to breach an organization and steal valuable information, charities pose a very high risk as they are gatekeepers to many high-net-worth individuals’ details which can then be leveraged for extortion. This is similar to the way such individuals were targeted in an attack on Daylesford in the UK last year, where high-net-worth individuals’ details were leaked online. Like any organization, charities need to look carefully at how they are protecting their data and what they are doing in terms of anti-data exfiltration generally.

Hopefully this spurs the charity sector to do what it can to make itself less of a target. And hopefully the U.K. government pitches in, because the charities truly can’t do this alone.

T-Mobile Pwned By Hackers…. Yet Again

Posted in Commentary on January 21, 2023 by itnerd

T-Mobile recently revealed in an SEC filing that a hacker stole the personal data of 37 million customers. TechCrunch has the story:

The telecom giant said that the “bad actor” started stealing the data, which includes “name, billing address, email, phone number, date of birth, T-Mobile account number and information such as the number of lines on the account and plan features,” since November 25.

In the SEC filing, T-Mobile said it detected the breach more than a month later, on January 5, and that within a day it had fixed the problem that the hacker was exploiting.

The hackers, according to T-Mobile, didn’t breach any company system but rather abused an application programming interface, or API.

“Our investigation is still ongoing, but the malicious activity appears to be fully contained at this time, and there is currently no evidence that the bad actor was able to breach or compromise our systems or our network,” the company wrote.

For those keeping score at home, this is the 8th time that T-Mobile has been pwned by hackers. That’s not a good track record.

Edward Roberts, VP of Marketing at Neosec, had this to say:

“This incident looks like another example of APIs being attacked and highlights the need for organizations to protect this vast and exponentially growing attack surface. APIs by their nature carry an organization’s crown jewels — its data. More organizations are creating and deploying APIs and this API traffic is estimated to be over 80% of all traffic on the internet. Unfortunately, gathering data by scraping a vulnerable API is now a path to a low and slow data breach. It’s alarming that today many organizations don’t even have an inventory of their APIs, let alone know if they are vulnerable. But more important is knowing if there is any abusive traffic on your APIs. Knowing that someone is scraping an API for data is essential.”

Given that this has happened so often to T-Mobile, they clearly have a whole lot of work to do so that customers can feel that their personal information is being handled in a safe and secure manner.
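The “low and slow” API scraping Roberts describes is exactly the pattern a per-minute rate limiter misses, because the scraper never sends many requests at once; what gives it away is how many *different* records one client reads over a longer window. The script below is an added example for this post, not code from T-Mobile, Neosec or the blog author, and it does not describe the real T-Mobile API: the access-log format, the hypothetical /v1/accounts/{id} route, the client identifiers (“support-app”, “partner-key-7”) and the thresholds are all assumptions, and the log lines are constructed inline. It runs a single pass over those lines and reports, per client, the peak requests-per-minute (what a naive limiter sees) alongside the number of distinct accounts read and how sequential those account numbers are (what an enumeration detector should see).

```python
"""Flag low-and-slow enumeration of a customer-lookup API from access logs.

Added example, not T-Mobile's, Neosec's or the blog author's code. The log
format, the /v1/accounts/{id} route, the client names and the thresholds
are assumptions; the sample log is constructed for the demo.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Assumed log line: "<ISO8601 ts> <client id> <method> <path> <status>"
LINE_RE = re.compile(r"^(\S+) (\S+) (GET|POST|PUT|DELETE) (\S+) (\d{3})$")
ACCOUNT_RE = re.compile(r"^/v1/accounts/(\d+)$")  # assumed route shape

RATE_LIMIT_PER_MIN = 10  # assumed: what a naive per-minute limiter enforces
DISTINCT_ID_LIMIT = 25   # assumed: more distinct accounts than one client needs
TS_FMT = "%Y-%m-%dT%H:%M:%SZ"


def build_sample_log():
    """Constructed access log (not real traffic) with two clients:
    a support tool that bursts on a few accounts, and a scraper that
    walks account numbers upward at two requests per minute."""
    t0 = datetime(2023, 1, 5, 10, 0, tzinfo=timezone.utc)
    lines = []
    for i in range(12):  # 12 requests in one minute, 3 distinct accounts
        ts = t0 + timedelta(seconds=5 * i)
        lines.append(f"{ts:{TS_FMT}} support-app GET /v1/accounts/{104455 + i % 3} 200")
    for i in range(60):  # 60 requests over 30 minutes, 60 sequential accounts
        ts = t0 + timedelta(seconds=30 * i)
        lines.append(f"{ts:{TS_FMT}} partner-key-7 GET /v1/accounts/{200000 + i} 200")
    return lines


def parse_line(line):
    """Return a dict for an account-lookup line, or None for anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, client, _method, path, status = m.groups()
    acct = ACCOUNT_RE.match(path)
    if not acct:
        return None
    return {
        "ts": datetime.strptime(ts, TS_FMT).replace(tzinfo=timezone.utc),
        "client": client,
        "account": int(acct.group(1)),
        "status": int(status),
    }


def analyze(lines):
    """Per-client statistics; only 2xx responses count, since only those
    actually returned a record to the caller."""
    per_client = defaultdict(lambda: {"minutes": defaultdict(int), "accounts": set(), "ts": []})
    for line in lines:
        rec = parse_line(line)
        if rec is None or not 200 <= rec["status"] < 300:
            continue
        c = per_client[rec["client"]]
        c["minutes"][rec["ts"].replace(second=0, microsecond=0)] += 1
        c["accounts"].add(rec["account"])
        c["ts"].append(rec["ts"])

    findings = {}
    for client, c in per_client.items():
        ids = sorted(c["accounts"])
        gaps = [b - a for a, b in zip(ids, ids[1:])]
        # share of adjacent account numbers that differ by exactly 1:
        # near 1.0 means the client is walking the ID space in order
        seq_share = sum(1 for g in gaps if g == 1) / len(gaps) if gaps else 0.0
        peak = max(c["minutes"].values())
        findings[client] = {
            "requests": len(c["ts"]),
            "distinct_accounts": len(ids),
            "peak_per_minute": peak,
            "sequential_share": round(seq_share, 2),
            "span_minutes": round((max(c["ts"]) - min(c["ts"])).total_seconds() / 60, 1),
            "rate_limit_tripped": peak > RATE_LIMIT_PER_MIN,
            # the enumeration signal is breadth of records read, not speed
            "enumeration": len(ids) >= DISTINCT_ID_LIMIT,
        }
    return findings


if __name__ == "__main__":
    for client, f in analyze(build_sample_log()).items():
        flag = "ENUMERATION" if f["enumeration"] else "ok"
        print(f"{client:14} {flag:12} {f}")
```

On the constructed sample the support tool trips the per-minute limit (12 requests in one minute) but reads only three accounts, while the scraper stays at two requests per minute for half an hour and is never rate limited, yet reads 60 distinct, consecutive account numbers. In a real deployment the windows should be hours or days rather than minutes, the client key should combine API credential and source address, and the distinct-record threshold should be baselined per client type; the point is that the detection has to count what was read, not merely how fast.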