113 NHS Email Accounts Compromised as Part of a Phishing Campaign

NHS | June 17, 2020

  • The NHS has confirmed that 113 internal email accounts were compromised and used to send malicious spam outside .

  • They working closely with the National Cyber Security Centre (NCSC), who are investigating a widespread phishing campaign against a broad range of organizations.

  • All those affected by the latest NHS-based attacks will have been notified by today, NHS Digital claimed it argued that since implementing a “new password approach.


The NHS has confirmed that 113 internal email accounts were compromised and used to send malicious spam outside the health service around two weeks ago. A brief NHS Digital statement issued on Friday revealed that the incident occurred between Saturday May 30 and Monday June 1 2020. It claimed the security snafu affected a “very small proportion” of NHS email accounts, around 0.008% of the 1.4 million total, and was linked to a wider campaign designed to steal victims’ log-ins.


There is currently no evidence to suggest that patient records have been accessed. We are working closely with the National Cyber Security Centre (NCSC), who are investigating a widespread phishing campaign against a broad range of organizations across the UK,” it added. In fact, the NCSC first raised the alarm about the campaign back in October last year, claiming that automated attacks designed to harvest credentials had been active since at least July 2018 and were spreading “indiscriminately” across multiple verticals.



Read more: CISA RELEASES FIRST OF ITS SERIES OF SIX CYBERSECURITY ESSENTIALS TOOLKITS

There is currently no evidence to suggest that patient records have been accessed. We are working closely with the National Cyber Security Centre (NCSC), who are investigating a widespread phishing campaign against a broad range of organizations across the UK.

~ NCSC said


In this campaign, the user receives a phishing email from a legitimate and known email account which has been compromised. Phishing emails were previously sent from contacts in recent email communications with the recipient, and the subject lines often mirrored the most recent email exchange. This created an initial plausibility for the user to trust the email,” it explained. “More recently, the subject lines include the compromised user’s address-book entry for the recipient of the phishing email.


This could be in the recipient’s name, the email address or may just be blank.” Clicking on a link in the email would take the user to a fake log-in page featuring their organization’s logo and their email, the NCSC said. All those affected by the latest NHS-based attacks will have been notified by today, NHS Digital claimed. It argued that since implementing a “new password approach” there has actually been a 94% decrease in phishing emails sent to NHSmail accounts over the past year.


More recently, the subject lines include the compromised user’s address-book entry for the recipient of the phishing email. This could be in the recipient’s name, the email address or may just be blank .


We are investigating this issue and have taken the precaution of asking all mailboxes that have a similar configuration to the compromised accounts to change their passwords with immediate effect,” NHS Digital concluded. “We have worked with the organizations involved to isolate affected accounts, supported them to make any necessary changes and have advised affected individuals. The sensitive data that the NHS has access to is of real value not just to hackers, but also to commercial or state actors. To mitigate the risk to its patients and employees the NHS has worked with the NCSC to implement new security guidelines across the NHS.


The NHS stands for the National Health Service. It refers to the Government-funded medical and health care services that everyone living in the UK can use without being asked to pay the full cost of the service. The publicly funded health care service in Northern Ireland isn’t officially called the NHS, it’s actually called Health and Social Care Services (HSC). Each NHS organisation and the HSC provide health care services free at the point of delivery. But there are slight differences in what is fully funded by government and what services are available across the different UK countries.


Read more: GOOGLE TOP CHOICE FOR CYBERCRIMINALS FOR BRAND-IMPERSONATION SPEAR-PHISHING CAMPAIGNS

Spotlight

Check fraud - it not only won't go away, but it is morphing to keep pace with consumers' digital banking habits. Although the number of checks written by consumers has decreased significantly, the reverse is true about dollars lost to check fraud.

Spotlight

Check fraud - it not only won't go away, but it is morphing to keep pace with consumers' digital banking habits. Although the number of checks written by consumers has decreased significantly, the reverse is true about dollars lost to check fraud.

Related News

PLATFORM SECURITY

SecurityScorecard Helps CISOs See, Resolve and Communicate Cyber Risks Clearly with Integration of Ratings Platform and Suite of Professional Services

SecurityScorecard | August 10, 2022

SecurityScorecard, the global leader in cybersecurity ratings, today announced the integration of its Professional Services offering with its ratings platform to provide a single point of orchestration to manage cybersecurity risks. SecurityScorecard’s Professional Services team can help any customer manage cybersecurity risk in concert with the industry’s largest and most comprehensive global, cyber risk data set, setting the industry standard for how cyber risk is quantified, measured and reduced. SecurityScorecard delivers strategic, proactive and acute-scenario services paired with its industry-leading ratings platform that together provide end-to-end cyber risk management from monitoring to remediation. “CISOs are under pressure to protect their organizations, and are now accountable to the Board of Directors, but they lack a single-point of orchestration for cybersecurity workflow and to define success. “Our services and software platform provides CISOs with peace of mind that they have the broad visibility to take action quickly, hold their vendors accountable and communicate those actions promptly.” Aleksandr Yampolskiy, co-founder and CEO, SecurityScorecard SecurityScorecard’s Professional Services team utilizes the combined data and dynamic risk intelligence from the SecurityScorecard platform together with customized data derived from dark web mining to give each customer a holistic, full-spectrum view of their risk posture that is continuously assessed and triaged. SecurityScorecard’s suite of Professional Services is supported by a team of 24/7 Digital Forensic Incident Response (DFIR) experts and include: Cyber Risk Intelligence-as-a-Service provides organizations with tailored, actionable intelligence via SecurityScorecard’s threat intelligence team. Third-Party Risk Management (TPRM) Program includes workshops and customized roadmaps to help organizations mature their programs. Tabletop Exercises help test teams’ cyber readiness against a real-world cyber incident by practicing incident response scenarios. Penetration Testing and Red Team Exercises engage covert teams of ethical hackers to identify weaknesses. Digital Forensics & Incident Response (DFIR) support helps to collect, preserve and analyze digital evidence when responding to an incident, whether that be an insider threat situation or a nation state attack. SecurityScorecard’s team of experts regularly testify in court and collaborate with law enforcement. Incident Response support is also available 24/7 and onsite during a crisis, such as a ransomware incident, to help contain attacks, identify the threat actors and safely progress to the eradication phase. SecurityScorecard’s Professional Services team also helps prevent churn across internal security and TPRM teams by giving them the expertise to maintain program integrity and business uptime, particularly for under-resourced teams, regardless of cyber or third-party risk maturity. About SecurityScorecard Funded by world-class investors including Evolution Equity Partners, Silver Lake Waterman, Sequoia Capital, GV, Riverwood Capital, and others, SecurityScorecard is the global leader in cybersecurity ratings with more than 12 million companies continuously rated. Founded in 2013 by security and risk experts Dr. Aleksandr Yampolskiy and Sam Kassoumeh, SecurityScorecard's patented rating technology is used by over 30,000 organizations for enterprise risk management, third-party risk management, board reporting, due diligence, cyber insurance underwriting, and regulatory oversight. SecurityScorecard is the first cybersecurity ratings company to offer digital forensics and incident response services, providing a 360-degree approach to security prevention and response for its worldwide customer and partner base. SecurityScorecard continues to make the world a safer place by transforming the way companies understand, improve and communicate cybersecurity risk to their boards, employees and vendors. Every organization has the universal right to their trusted and transparent Instant SecurityScorecard rating.

Read More

SOFTWARE SECURITY

WhiteSource Rebrands as Mend

Mend | May 30, 2022

WhiteSource, a pioneer in application security, has rebranded to Mend. Within the Mend Application Security Platform, the business is also delivering the industry's first automatic remediation for custom code security concerns, as well as integrating Mend Supply Chain Defender (previously WhiteSource Diffend) in its JFrog Artifactory plugin. Mend protects all parts of your program by automating repair, prevention, and protection from issue to solution, rather than just detection and proposed solutions. With revenue increasing by 800% in the previous three years and enterprise net retention reaching 127% in 2021, the firm recruited 350 new clients in the last year. Mend has over 1,000 clients, including more than 25% of the Fortune 100, and is committed to spending its most recent investment ($75 million series D announced in April 2021) on general development as it extends outside the Software Composition Analysis (SCA) industry. This includes the purchase of Diffend in April 2021, as well as the acquisitions of SAST companies Xanitizer and DefenseCode in February of this year. The Mend Application Security Platform is the result of strategic acquisitions and the company's unique automated remediation capabilities. The platform is the first to automatically detect and correct application security gaps including both open source and bespoke code, combining automated remediation for static application security testing (SAST) with Mend's current capacity to do so for software composition analysis (SCA). "Attackers are increasingly targeting applications as the weakest link to go after organizations, and at the same time, pressure to deliver software faster has never been higher. Organizations face undeniable tension to do both, better. Mend breaks the tradeoff between security and development delivery timelines by providing a solution that automates the reduction of the software attack surface while removing most of the burden of application security, allowing development teams to deliver quality, secure code, faster." Rami Sass, Co-founder and CEO of Mend Josh Johnson, Manager of Solutions Architecture, Defy Security said that "Whether open-source or proprietary code, the application security industry has mostly focused on vulnerability detection and management. Mend has an interesting approach of automating the remediation of code vulnerabilities. While the company is announcing this new name, as a partner of Mend, we are excited for it to further its commitment to solving code-based security challenges with automated-remediation. Defy Security looks forward to seeing Mend extend automation for closing security gaps."

Read More

SOFTWARE SECURITY

Syscoin Launches Network Rollup Facility

Syscoin | June 13, 2022

Syscoin, a cutting-edge base layer protocol that incorporates the composability of Ethereum-style smart contracts with the Bitcoin Network's industry-leading security, announced today the upcoming release of Rollux, a suite of developer-ready scaling solutions for developing decentralized applications at the speed of Web2 architectures. “At Syscoin, we are constantly improving the architecture of our platform to offer the most capable solution for developers who want to build with Bitcoin’s security, Ethereum’s flexibility, and, beginning today, Syscoin’s own scaling solutions. The launch of our in-house Layer 2 rollup suite marks a major milestone in the evolution of the Syscoin Network toward being the ultimate foundation for applications aimed at individuals, global enterprises and even governments around the world.” Jag Sidhu, Syscoin Foundation’s lead developer and president Moreover, Syscoin uses its unique Proof-of-Data-Availability (PoDA) breakthrough with Rollux to secure accessible off-chain data for rollups. Apart from Ethereum, Syscoin will be one of the first chains to host optimistic rollups and the only one to use Bitcoin's gold-standard proof-of-work hashing for its own security. As Ethereum evolves toward a proof-of-stake consensus paradigm, this difference will become more relevant. Syscoin's development plan is divided into three segments. The first phase concluded in December with the release of Syscoin's Network-Enabled Virtual Machine (NEVM). Syscoin's NEVM parallel Layer 1 chain allows developers to construct Ethereum-compatible, smart-contract-based decentralized apps on the Syscoin Network. Rollux is Syscoin's in-house Layer 2 rollup suite and marks the next step in the company's evolution. Rollux will provide scaling solutions to applications that use the Syscoin Platform foundation layer in order to provide decentralized services at Web2-like speeds. Furthermore, the Rollux suite will be a comprehensive Layer 2 solution that covers the full range of scaling methods. Rollux will first provide Optimistic rollouts before extending to include ZK rollups when they become practicable. When it is released, Rollux's optimistic rollup utility will use modular scaling technologies to provide the most efficient, cost-effective, scalable, and secure Layer 2 available. Syscoin will unleash performance and scalability 50 times that of existing Layer 2s and 5000 times that of the Ethereum mainnet with direct EVM counterparts like Arbitrum's Nitro and Optimism's Cannon. This powerful platform will continue to progress the sector for many years to come, ultimately ushering in stateless Layer 2 systems that offer a significant advancement in scalability and security. Syscoin Rollux will represent the cutting edge of scaling technology for Solidity-based smart contracts, with Layer 2 scaling coupled to Bitcoin's security standard. Moreover, since the smart contract layer is entirely EVM-compatible, it will be straightforward to onboard applications from Ethereum that want to add Bitcoin's security at scale. Finally, since the non-profit Syscoin Foundation is releasing the Rollux suite, the project will avoid charging excessive fees and using token schemes that add friction and costs to consumers.

Read More