25th January | Become Cybersafe – Technologist

Welcome to the latest edition of the Cybersafe Cyber Threats Update, a weekly series in which we bring attention to the latest cyber attacks, scams, frauds, and malware, including ransomware, to ensure you stay safe online.

Here are the most prominent threats which you should be aware of:

A prominent UK water utility company has been the victim of a cyber attack

In the face of a recent cyber threat, Southern Water, a major UK water utility company, has become a victim of a ransomware attack orchestrated by the Black Basta group. The private entity, which operates in multiple regions of the UK, including Hampshire, the Isle of Wight, West Sussex, East Sussex, and Kent, providing water and wastewater services to a significant population, is now grappling with the aftermath of the breach.

The Black Basta ransomware group, known for its malicious activities, has claimed responsibility for the hack and included Southern Water in its list of victims on the Tor data leak site. The group has threatened to expose 750 gigabytes of sensitive data, including personal and corporate documents, on February 29, 2024. Screenshots posted by the hackers have revealed some Southern Water employees’ personal details, passports, and ID cards.

While the specific ransom amount demanded by the Black Basta group is currently undisclosed, the group typically follows a double-extortion attack model, pressuring victims to pay under the threat of exposing confidential information.

This breach follows the disclosure earlier this month of a vulnerability in the encryption algorithm of Black Basta ransomware. Researchers developed a free decryptor in response to the flaw, enabling some victims to recover their files.

Black Basta, active since April 2022, has amassed over $107 million in Bitcoin ransom payments. A joint study by Elliptic and Corvus Insurance has identified at least 329 victims, including well-known entities such as ABB, Capita, Dish Network, and Rheinmetall. Analysis of blockchain transactions suggests a connection between Black Basta and the now-discontinued Conti Group, with funds laundered through the Russian crypto exchange Garantex.

Analysis of the ransomware’s encryption algorithm indicates a weakness exploited around April 2023. Files below 5,000 bytes in size are deemed unrecoverable, while full recovery is possible for files between 5,000 bytes and 1GB. However, a recent fix implemented by Black Basta limits the effectiveness of the decryption technique, making it unusable for cyber attacks conducted after December 2023.

As a cyber security and IT support company in Derby, Neuways also recently discussed a story about a fencing company that fell victim to a cyber attack. The fencing company seemed a random choice at first, until it was found to be a supplier to a UK military base. These stories highlight the importance of all companies maintaining strong cyber security, as sometimes the initial victim is just a small part of a bigger plan.

Microsoft discloses a cyber attack from nation-state threat actor

Microsoft has disclosed a nation-state cyber attack on its corporate systems by Midnight Blizzard, a Russian state-sponsored actor. The attack, detected on January 12, 2024, utilised a password spray technique to compromise a non-production test tenant account in late November 2023.

This account was then used to access a limited number of Microsoft corporate email accounts, including those belonging to senior leadership, cyber security, legal, and other functions. The threat actor exfiltrated some emails and attached documents, primarily targeting information related to Midnight Blizzard.

Microsoft emphasised that the attack did not exploit vulnerabilities in Microsoft products or services, and that there is no evidence of the threat actor accessing customer environments, production systems, source code, or AI systems. Microsoft is notifying affected employees and assures customers that they will be informed if any action is required.

The incident underscores the ongoing risk posed by well-resourced nation-state threat actors. Microsoft acknowledges the need to recalibrate the balance between cyber security and business risk, as announced in its Secure Future Initiative (SFI). Immediate actions include applying current security standards to Microsoft-owned legacy systems and internal business processes, even if it causes disruptions. This adjustment reflects a commitment to a faster and more proactive security approach.

While these changes may result in some disruption, Microsoft sees them as necessary steps to address the evolving threat landscape. The company is actively investigating the incident, collaborating with law enforcement and regulators, and remains committed to sharing insights and learnings with the community. Additional details will be provided as the investigation progresses.

Neuways operate as a Microsoft Modern Workplace Partner, meaning we are able to offer clients a gold standard service that sees businesses grow with software.

Government urges businesses to tighten up on Cyber Security

A newly proposed Code of Practice on cyber security governance, targeted at directors and senior leaders, emphasises the need for businesses to prioritise cyber security alongside financial and legal considerations.

Developed in collaboration with industry experts and the National Cyber Security Centre, the Code recommends clear roles and responsibilities, detailed incident response plans, and regular testing. With cyber attacks impacting nearly one in three firms, the government seeks feedback from business leaders to shape the future of cyber security in the UK. The Code aims to empower leaders in navigating cyber threats, safeguarding customers, and supporting the growth of the digital economy.

The government’s response to software resilience and security concerns includes proposals to enhance software development practices and communication within supply chains. The initiatives align with the £2.6 billion National Cyber Strategy, reinforcing the importance of cyber resilience for businesses and the overall economy.

If you are a business owner who knows you need to tighten up cyber security within your business, please contact Neuways. We offer Managed Cyber Security services, as well as IT support from our base in Derby. Our dedicated team is always on hand to deal with your queries.

—————————————————————————————————————————–

Contact Neuways for Network Security For Businesses

If you need any assistance with cyber security to become Cybersafe, then please contact Neuways and we will help you where we can. Just get in touch with our team today. We’re based in Derby but we work with clients all over the country and can travel for your needs.
