Cyber Weekly Digest - Week #48
Updated: Dec 4, 2020
This week has been filled with high-profile cyber security stories including cyber-attacks on Manchester United football club, Spotify and a Danish news agency. Also, with the start of the holiday season, we are going to see cyber criminals getting festive with their attacks. Keep reading to hear about the latest and biggest cyber security stories.
Ritzau is the largest independent news agency in Denmark, and they announced on Tuesday that their network was hit by a ransomware attack on Tuesday morning. The attack has meant that the editorial systems have been shut now and therefore cannot broadcast it's news as it regularly would. Instead, Ritzau is using an emergency system to broadcast its news. The CEO announced that it will not pay the ransom, which is demanded by the attackers. There is a lot of confusion around whether companies should pay their ransom demand in exchange for their data. However, Ritzau is acting on guidance from their advisors.
One of the biggest stories this week is regarding a credential stuffing attack associated with Spotify. For a while now some Spotify users have been complaining about suspicious activity on their account including password changes, new playlists on their profiles and even strangers added to family accounts from other countries. It has been revealed in a recent report that this activity may have occurred due to a credential stuffing attack. A database was found exposed online, which contained 300 million usernames and password combinations which would allow someone to successfully log into a Spotify account. In response Spotify initiated a "rolling reset" of passwords for all users affected, making the exposed database useless.
Manchester United confirmed they had been hit by a "sophisticated operation by organised cybercriminals". The club announced that most of their systems were not disrupted meaning that their matches could still go ahead as well as stating that the believed that not personal data belonging to fans or customers were affected in the attack. The club is being praised for being able to swiftly shut down the affected systems and contain the damaged. This kind of attack shows that even if you have all the necessary measure in place for cybersecurity, you are still at risk
On Tuesday Parliament proposed the Telecommunications Security Bill which aims to block high-risk equipment suppliers and tighten security requirements for new high-speed fibre optic and 5G wireless networks. It the bill is approved by Parliament it means that telecom companies could face £100,000 a day fines if they fail to comply with the regulations. The bill would also give the UK one of the "toughest" telecoms security regimes in the world.
This week was Thanksgiving, meaning thousands of users are being targeted with holiday-related attacks. With zoom being one of the most popular methods families are connecting over the season due to the pandemic, criminals are focusing their efforts there. Thousands of credentials have been stolen in an ongoing phishing attack which pretends to be an invite for a zoom meeting. Victims are sent a fake video invite which, once clicked, opens a fake Microsoft login page hosted on Google's 'appspot.com' domain. When users enter their password, the phishing page will log the victims' email addresses, passwords, IP addresses, geographic location, and whether the login credentials could successfully login to the email account.
As we move into the holiday season, everyone should be on the lookout for potential holiday-related scams including Thanksgiving, Christmas, New Year, Hanukkah and especially those around Black Friday deals.
To make sure your users are prepared this season, you can get a free resource kit from KnowBe4 which includes free video training, infographics and posters.