Read Cognosec’s round up of relevant news and happenings within the industry this week.
In the news this week…
Cyber-attack hits organizations globally
Our top story this week is the ‘NotPetya’ ransomware attack that struck organizations around the globe. Just a few weeks after WannaCry ransomware affected thousands of Windows-based computers worldwide, reports emerged of new wave of attack, first reported in Ukraine on Tuesday 27 June. Among others, Ukraine’s national bank, state power company and largest airport were affected as well as Russian energy firm Rosneft, Danish shipping company Maersk and the British advertising agency WPP. Infected computers demanded payments of $300 or £235 in Bitcoin to recover access to encrypted files. Dubbed NotPetya by experts because of its likeness to Petya ransomware but also its notable differences with it, reports emerged on 28 June that the ransomware originated from corrupted updates on a piece of accountancy software MEDoc, although the company denies this.
Click on the button below to read this news story in full
We speak to Cognosec CTO Oliver Eckel about the recent Petya / NotPetya attack, find out how you can protect your company and ask what should an organization do if it thinks it has been affected.
Click on the button below to read the interview in full.
Business Continuity Institute calls for better user education & cyber resilience
Phishing and social engineering are the cause of over half of cyber incidents, reports Infosecurity Magazine. The news comes as The Business Continuity Institute (BCI) published a report which found that nearly two-thirds (64%) of global firms have experienced at least one cyber “disruption” in the past year. The report also found that phishing and social engineering were the primary cause of more than half (57%) of disruptions. This has prompted the call for improved user education. However, the magazine reports that 87% of organizations polled reported having business continuity arrangements in place to respond to cyber incidents.
Energy industry cyber-attack fears
UK energy industry cyber-attack fears are 'off the scale' reports the Guardian. According to the newspaper report, the threat posed by cyber-attacks on power stations and electricity grids has been heightened because of the trend away from well-protected, centralised large power stations towards decentralised power, such as lots of small, flexible gas power plants and solar panels on homes. Smart meters, designed to automate meter readings are also said to be a target although DCC the body set up to handle the data insists that it is safe. Industry trade body Energy UK said there was a central system for logging threats, to help rapidly counter them. “Maintaining the highest level of security against cyber threats is a top priority for the industry,” said a spokeswoman speaking to the Guardian.
90 Parliamentary passwords compromised following cyber-attack
Earlier this week, up to 90 email accounts were compromised following a cyber-attack on the UK Parliament. According to reports, the hack prompted officials to disable remote access to the emails of MPs, peers and their staff. A spokesperson said the attack was a result of "weak passwords". These passwords were reported to be for sale online. An investigation is currently underway by the National Cyber Security Centre and National Crime Agency.