
Ransomware and other cyber attacks

Ultimately it’s the responsibility of Information Security in the NHS (is that what we are talking about?), to make sure that their 3rd party risk management is in order. And hopefully they are using comprehensive processes to monitor and secure their 3rd party systems and connections.
 

Almost all of these happen because the security measures the people ticking all of the boxes thought were in place weren’t in place. This kind of thing is very hard to detect ahead of time through the supply chain
 
Exactly. Which is why you need a uniform process approach. One of my guys, when I worked in that field, designed a paper-based system so good that it’s now his bread and butter as a lecturer.
 
Interesting, do you know any more about it?

Lots of Post-it notes?
 
Now. It’s actually an Excel-based system of assessments and questionnaires, allowing you to categorize suppliers based on the function of their product/software/design and architecture of their connections to other third parties. He found it lifts and shifts quite easily so he quit the corporation to sell it to others. Or at least he did. I don’t know what happened post COVID. I’m no longer in that world.
 
There's been a few since thread last posted on and this one explicitly pinned on Russia

I spoke to my GP earlier to arrange a routine cholesterol test. He said that there was no point taking one for at least four weeks, because they were not able to process any blood tests because of the cyber attack.
 
So supposedly recent breaches of TfL, Hackney council and Royal Mail
This website is interesting....
TfL hacked by 17 year old from Walsall
Possibly same kid doing MGM Resorts
22 year old from Scotland caught doing the same style hack
So maybe far from being Russian espionage

...talking of Russia that site has several stories about Russia being attacked by anti-Putin hackers
such as
 
Attribution is incredibly difficult to prove. And TTPs from threat actor groups will often use subterfuge and obfuscation.
I’ve seen leaked data from US weapons companies left on a server belonging to a Scandinavian bioethanol research firm. That time it was supposedly Chinese. Other times it was Russians or North Koreans.
Only common factor was the reporting entity of the Americans.
 
in these cases they've made arrests but yeah could be a feint
 
In this case. And my experience of police forces is that they will see through an investigation where it is clear who the perpetrators are. Otherwise 🤷‍♂️
I have raised countless fraud cases with ncp. None followed up on.
I had to explain to Northumbria police what an IP address was way back in 2006 in order to assist them in their pursuit of a paedophile gang. We were also in a position to do what they couldn’t. And we did. And they were successful. But it was purely by accident or their luck.
 
Two prominent pieces in the Guardian today

but in reading those it links to this one which I think is most important as it explicitly makes the link between Russian gangs and the Russian state

that all does need to be tempered with the fact that, as posted above on the thread, more than one high profile case has had nothing to do with Russia and rather seems to have been carried out by teenage herberts in British bedrooms
 
Interesting bit here about how the hacks of coop/harrods etc are being done:
"
The point is they — the threat actor — are entering using the front door, via the helpdesk to get MFA access — those are very good guides from defenders about what to do, links below.


 


It’ll be phishing, then calling help desk to get MFA reset, then breaking into Active Directory then kaboom!

Protecting against this is actually pretty hard, requires good tools, processes and people.

Alex
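
An added detection sketch for the sequence described in the post above (a help desk MFA reset followed by access from somewhere new); it is not part of the thread. The event names, tuple layout and 24-hour window are assumptions, and the log lines are constructed.

```python
from datetime import datetime, timedelta

WINDOW = timedelta(hours=24)  # assumed correlation window

# Constructed sample events (not real logs): time, event type, user, source IP.
# For helpdesk_mfa_reset the IP is the help desk agent's workstation.
EVENTS = [
    ("2025-05-01T08:02:00", "signin", "asmith", "10.1.4.20"),
    ("2025-05-01T08:05:00", "signin", "bjones", "10.1.7.31"),
    ("2025-05-02T09:10:00", "signin", "asmith", "10.1.4.20"),
    ("2025-05-02T14:30:00", "helpdesk_mfa_reset", "asmith", "10.1.9.5"),
    ("2025-05-02T14:41:00", "mfa_enroll", "asmith", "203.0.113.77"),
    ("2025-05-02T14:43:00", "signin", "asmith", "203.0.113.77"),
    ("2025-05-03T10:00:00", "helpdesk_mfa_reset", "bjones", "10.1.9.5"),
    ("2025-05-03T10:20:00", "mfa_enroll", "bjones", "10.1.7.31"),
    ("2025-05-03T10:22:00", "signin", "bjones", "10.1.7.31"),
]

def suspicious_resets(events, window=WINDOW):
    """Flag help desk MFA resets followed, within `window`, by an MFA
    enrolment or sign-in from an IP the user has never used before."""
    known_ips = {}  # user -> IPs seen in activity that did not alert
    pending = {}    # user -> time of most recent help desk reset
    alerts = []
    for ts, kind, user, ip in sorted(events):  # ISO timestamps sort by time
        when = datetime.fromisoformat(ts)
        if kind == "helpdesk_mfa_reset":
            pending[user] = when
            continue
        reset_at = pending.get(user)
        in_window = reset_at is not None and when - reset_at <= window
        if in_window and ip not in known_ips.get(user, set()):
            alerts.append({"user": user, "reset": reset_at.isoformat(),
                           "event": kind, "ip": ip, "at": ts})
            continue  # do not learn IPs from activity that raised an alert
        known_ips.setdefault(user, set()).add(ip)
    return alerts

if __name__ == "__main__":
    for alert in suspicious_resets(EVENTS):
        print(alert)
```

The bjones reset is not flagged because the re-enrolment comes from an address that account already used, which is the routine case a help desk sees every day.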
 
Looks like crouching cock nose tiger strikes again!!

It’s all a bunch of wank. Orchestrated by misfits who would be incels if they didn’t have cyber security companies to run.
 
I'm assuming that hackers are responsible for the Guardian's hideous new layout? :hmm:
Atrocious isn't it. I hate it when designers are given free rein without understanding why they're there and they demand loads of white space. Which here means loads of pointless scrolling down to get to the information.

Also responsible for loads of white space on packaging which means they have to use 4 point text for the information you actually need.

Grrrr.
 
"US cryptocurrency exchange Coinbase has been targeted by hackers who stole customer data and demanded $20mn to prevent its public disclosure, the company said on Thursday.
The group, which next Monday is set to become the first crypto exchange to join the S&P 500, said the cyber demands were made on Monday.
The company’s shares were down 5.4 per cent in morning trade in New York. They had soared by a quarter on Tuesday after the announcement of its inclusion in the US blue-chip stock index.
“Their aim was to gather a customer list they could contact while pretending to be Coinbase — tricking people into handing over their crypto. They then tried to extort Coinbase for $20mn to cover this up. We said no,” the group said in a statement on its website.
The California-based group has promised to pay a $20mn reward — the amount demanded — for information leading to the arrest and conviction of the criminals responsible."
 