Recent Cyber Attacks 2020
Posted By: Claire Saturday 19th September 2020COVID-19 is showing no signs of calming for many areas across the UK and with such pandemonium cyber attacks are on the rise. With COVID seemingly increasing across Middlesbrough, Stockton and Teesside, we’re constantly reminded about being vigilant. With so many of us working from home in order to protect our health and that of those we love, it’s imperative to take cyber security on board.
September 2020
With students returning to their ‘new level of normality’, the education sector has accounted for 20 out of the 102 publicly disclosed cyber incidents attributed to October 2020. Unfortunately, the majority of these have been ransomware.
Let’s get specific;
September 4th 2020, saw the breach of Newcastle University’s systems before the theft of backup files. Literally ‘held to ransom’, the university issued an apology while staff members and students had limited access to systems. The full extent of the breach has not yet been revealed. At a guess, this will be costly.
The education sector is certainly taking a hit;
Again, the North East fell foul of a cyber attack when Northumbria University had to cancel exams and shut down their clearing hotline after an attack. Imagine the clamour.
It’s like bowling pins;
The knock on effect attributed to both mentioned examples is mammoth. We think of it almost like knocking down bowling pins. Each university began with 10 pins. The first hits the ground just as hackers gain entry. Don’t worry though, it’s not a strike! From here however it only needs the bowler to score a ‘spare’ before every piece of valuable and personal information is gone. Students can’t login, personal data vanishes, exams have to be cancelled and the university is being blackmailed. From hacker to system to university leaders to students. It’s a straightforward trail of destruction.
Even closer to home;
Towards the beginning of 2020, Redcar and Cleveland Council were victims of a cyber attack costing £10.4 million. £2.4 million of this total attributes to the recovery or replacement of IT infrastructure and systems. This catastrophic event could have been completely avoided if the council had invested in the right form of cyber security. In terms of costs; we’re talking a lot further south than £2.4 million, let alone £10.4!
The team at LaneSystems work tirelessly across Teesside and the North East ensuring companies, educational and medical facilities, charitable organisations and local authorities remain secure. Each and every cyber attack mentioned so far could have been avoided by employing our specialist IT services. With over 30 years of industry experience we’ve helped Citizen’s Advice of Newcastle, charities such as Free the Way and MAIN of Middlesbrough alongside small to medium companies in Gateshead, Durham and beyond.
Protect Your Business Against Cyber Attacks
Cyber-attacks pose a real threat to businesses with knock on effects to individuals (we’re back to bowling again). The vast majority of ransomware attacks are initiated by Phishing emails directed at individual email accounts. Attacks are not, as many people think, hackers with the intention of leaking valuable documents. These Ransomware attacks are executed by opportunist individuals or organisations targeted on one principle, which is to extract money from the victims. For Newcastle and Northumbria university for example, hackers will hold information until a ransom is paid; hence the name, ransomware.
We’ll link it together shortly..
It may seem as though we’re going off on a tangent, but stay with us. We’re getting deep shortly and in addition have a fabulous online dating profile to share with you. But first….
We’re off d’aaaan saaarrf’!
One of the most recent cyber attacks of 2020 has seen Hackney Borough Council hit hard. As of 13th October, systems went down and a week later, many remained this way. In terms of bowling pins, rent payments cannot be made or tracked with service charges and council tax unable to be paid or traced. Whilst some residents of Hackney may think this is great, lack of tracing hits landlords and of course, the wider economy. As of 20th October, Hackney residents could not access benefits and were urged not to contact the council unless absolutely urgent.
We promised to get deep;
And no, we don’t mean emotionally.. If you’ve yet to come across the deep web, you’re in for a treat. If, like the majority of us, your internet time is spent on Google and similar search engines, you’ll be used to searching for specific products and services such as ‘IT Support Middlesbrough’ and ‘Cyber Security Stockton’ (see what we did there)? The deep web is a whole other piece of the internet not visible to search engines.
But what does this mean exactly?
Whilst it may sound sinister, the deep web isn’t all bad, referring to anything not indexed on the net. Payment details are a great example. When purchasing something online we enter what we’re looking for and are presented with many options. Each page we see on Google has been ‘indexed’ hence the search engine is showing it to us. Pages are indexed automatically unless web hosts give the <”noindex”> command. When it comes to entering payment details, as customers, we don’t want Google to be able to view these do we? Therefore, the <”noindex”> rule is applied. Other information such as sign in details lies within the deep web.
Further examples of deep web content include:
Medical records, fee-based content and membership websites are just some examples of content making up the deep web. It’s estimated that anywhere up to 96% of the internet is made up of the deep web.
We’re going even further in – who’s got the torch?
Bear with us because things are about to get dark.
The deep and dark web are often used interchangeably but they are in fact two very separate parts of the internet.
Confused?
The dark web is a subset of the deep web and this includes content that’s intentionally hidden. Whilst not all of this is used for illicit purposes there’s unfortunately, a lot that is.
The dark web is where it’s at;
Unfortunately the dark web offers individuals with the ‘know how’ gain access to hacking techniques, malware and even more ferocious Ransomware attacks. We don’t want to frighten you too much so we’re not going any further with this. Let’s just say that if your company holds the right level of cyber security, the worry of a successful attack becomes extremely minimal.
How to stay cyber secure in just a few easy steps
At LaneSystems our experts have come up with a ‘go to’ list of recommendations for securing your business online.
Lucky 7 Top Tips in Remaining Cyber Secure
Tip Number 1: Run Windows updates installing those required when required. It’s a rookie mistake hitting the ‘remind me later’ button, especially with the Hybrid Working Method currently in full flow. There’s no time like the present and what may take a few minutes now saves the potential of hours, later.
Tip Number 2: Make sure your antivirus product is a full version and not Free. Free software is great and who doesn’t love a freebie? Antivirus however, isn’t an area we should scrimp on in business. Shelling out a little extra now could save thousands later. Our blog on Free Versus Paid Software provides detailed information on where savings can be made.
Tip Number 3: Make sure your Antivirus is working, up to date with the latest virus definitions and run a scan. If this makes no sense to you, ask an IT Professional.
Tip Number 4: Make sure any spam filters are turned on in your email software. Again, if this is something you’re unsure of, ask a web developer for help.
Tip Number 5: Make sure important data is backed up outside of the local network or your machine. This is where Cloud Solutions are potentially fundamental, business depending.
Tip Number 6: Restore backups periodically to ensure they’re working.
Tip Number 7: Off-site backups are crucial! Make sure they work!
The above tips make for good practice and whilst not necessarily foolproof, they will help towards keeping you secure. For the right levels of security you really do need to book an appointment with IT specialists. Remember, LaneSystems work right across the North East including Teesside, Durham and Newcastle.
The Art of Phishing
“Don’t take the bait”!
Phishing emails are designed by fraudsters to appear as if they have been sent by banks, credit card companies, government departments, online stores, auction sites, and other trusted organisations. Our blog, 6 Phishing Attack Examples, explains the various content types of phishing emails, some of which you may have seen.
What techniques do hackers employ?
Sometimes, the more brazen phishing emails actually warn you of a virus. They’ll invite you to click on a link or open an attachment to protect yourself. If you receive an email like this it ALWAYS pays to check with your IT department in the first instance. As a general rule of thumb, anything with a link or download that you’re not expecting, leave well alone.
Phishing emails attempt to trick you;
The overall aim of a phishing email is to get individuals clicking links to authentic looking yet hoax websites. From here users are requested to input personal details such as login information and even banking details. Enter at your peril because once you’ve opened the doors, hackers will certainly spend on your behalf.
Further tricks are looming;
Unfortunately, some links found in phishing emails are infected with malware. Think Redcar & Cleveland Council. Do you have £10.4 million to spare?
We’re not done there;
Happening to open an attachment disguised as a legitimate file can also be detrimental, again, containing malware. Are you prepared for a Northumberland University related scenario?
The Phishing Email’s Dating Profile
If the Phishing Email was to date, it would have some key characteristics. As a little ‘tongue in cheek’, we’ve had a go at writing the perfect Phishing email dating profile!
Would you ‘swipe right’?
“I’m a strong character, with the ability to carry out impersonations to a decent standard. If you choose me, I’ll visit your inbox while pretending to be someone you know extremely well. What’s your favourite online store? Amazon? That’s no problem for me, my impersonation is amazing! Just don’t ‘double take’ my email address because this may be slightly different and I don’t want you sussing me out too soon”.
“I’ll include yours or your company name in my correspondence with you as I want you to think I’m trustworthy and that potentially, I know you. If I’m really keen I’ll even include your address”!
“I’m very intelligent when it comes to ‘getting to know you’ so even if I don’t actually use your name in my message, you can still click the link or download my fabulous attachment. It’s fine, it really is, you can trust me and my G.S.O.H”!
“As previously mentionnied I’m very strongg and highly intllegint*.Don’t wait to click on the link I sent you as I’m waiting for a response from you NOW and you don’t want to miss out on a fabulous date with yours truly do you*”?
*It pays to take note of poor grammar!
*Phishing emails love a bit of pressure.
“Priding myself on being upfront I have made sure the link to my expanded dating profile can be seen clearly within any emails I send you. Please just click this, never check twice or you might just see it’s spelled differently to your favourite online store. I do like a good joke”!
“Finally, I’d like to ‘wow’ you with just how clever I am. You may even receive an email directly from your favourite store when in actual fact it’s from me! In this instance, I’m just pretending to be someone else, but remember, it’s ok. Just because you weren’t expecting me doesn’t mean you can’t click on me”!
How can you avoid phishing emails?
The obvious answer is to not open any attachments from unknown sources. If ever you’re in doubt, contact the person or organisation the email claims to have been sent by. If you’re not expecting an email, if you’ve not signed up to newsletters or if asked to input personal information, STOP! Don’t click on links in emails from unknown sources and don’t respond to email addresses you don’t know. Avoid making purchases or charity donations in response to spam email. Do not unsubscribe to what you think may be phishing emails. This may in itself lead to a hoax website.
How did we get here?
Much like the feeling of 2020, you’re probably wondering how we got from cyber attacks to the online dating profile of a phishing email!
Here’s a quick recap;
Recent Cyber Attacks of 2020 have increased due to the worldwide pandemic. This means as businesses and individuals we need to think differently, act differently and overall make sure we’re safe. While your health always trumps importance levels, cyber security in 2020 is THE go to second place winner.