113 NHS Email Accounts Compromised as Part of a Phishing Campaign

NHS | June 17, 2020

  • The NHS has confirmed that 113 internal email accounts were compromised and used to send malicious spam outside the health service.

  • They are working closely with the National Cyber Security Centre (NCSC), who are investigating a widespread phishing campaign against a broad range of organizations.

  • All those affected by the latest NHS-based attacks will have been notified by today, NHS Digital claimed. It argued that since implementing a “new password approach” there has been a 94% decrease in phishing emails sent to NHSmail accounts over the past year.


The NHS has confirmed that 113 internal email accounts were compromised and used to send malicious spam outside the health service around two weeks ago. A brief NHS Digital statement issued on Friday revealed that the incident occurred between Saturday May 30 and Monday June 1 2020. It claimed the security snafu affected a “very small proportion” of NHS email accounts, around 0.008% of the 1.4 million total, and was linked to a wider campaign designed to steal victims’ log-ins.


“There is currently no evidence to suggest that patient records have been accessed. We are working closely with the National Cyber Security Centre (NCSC), who are investigating a widespread phishing campaign against a broad range of organizations across the UK,” it added. In fact, the NCSC first raised the alarm about the campaign back in October last year, claiming that automated attacks designed to harvest credentials had been active since at least July 2018 and were spreading “indiscriminately” across multiple verticals.





“In this campaign, the user receives a phishing email from a legitimate and known email account which has been compromised. Phishing emails were previously sent from contacts in recent email communications with the recipient, and the subject lines often mirrored the most recent email exchange. This created an initial plausibility for the user to trust the email,” it explained. “More recently, the subject lines include the compromised user’s address-book entry for the recipient of the phishing email.


This could be in the recipient’s name, the email address or may just be blank.” Clicking on a link in the email would take the user to a fake log-in page featuring their organization’s logo and their email, the NCSC said. All those affected by the latest NHS-based attacks will have been notified by today, NHS Digital claimed. It argued that since implementing a “new password approach” there has actually been a 94% decrease in phishing emails sent to NHSmail accounts over the past year.
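The lure traits the NCSC describes above (a known sender, a subject line that is the recipient's address-book entry or mirrors a recent thread, and a link to a look-alike log-in page) can be checked mechanically on inbound mail. The following Python is an added example, not NHS or NCSC tooling; the trusted sign-in host, the contact list, the signal names and the sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import getaddresses, parseaddr
from urllib.parse import urlparse

# Assumption: hosts serving this organisation's real sign-in pages.
TRUSTED_LOGIN_HOSTS = {"login.example-trust.test"}
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)
REPLY_PREFIX = re.compile(r"^\s*((re|fw|fwd)\s*:\s*)+", re.IGNORECASE)
SUBJECT_TRAITS = {"blank-subject", "subject-is-recipient-entry",
                  "subject-mirrors-recent-thread"}

def norm_subject(value):
    """Lower-case a subject and drop RE:/FW: prefixes."""
    return REPLY_PREFIX.sub("", value or "").strip().lower()

def lure_signals(raw_message, known_contacts, recent_subjects):
    """Return which traits of the described lure one message shows."""
    msg = message_from_string(raw_message)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    subject = norm_subject(msg.get("Subject"))
    signals = set()
    if sender in known_contacts:
        signals.add("known-contact-sender")
    # Subject is the recipient's address-book entry: name, address or blank.
    if subject == "":
        signals.add("blank-subject")
    else:
        for name, addr in getaddresses(msg.get_all("To", [])):
            if subject in (name.strip().lower(), addr.lower()):
                signals.add("subject-is-recipient-entry")
        if subject in {norm_subject(s) for s in recent_subjects}:
            signals.add("subject-mirrors-recent-thread")
    # Collect link hosts from every text part of the message.
    body = ""
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            body += part.get_payload(decode=True).decode("utf-8", "replace")
    hosts = {urlparse(u).hostname for u in URL_RE.findall(body)} - {None}
    if hosts - TRUSTED_LOGIN_HOSTS:
        signals.add("untrusted-link")
    return signals

def needs_review(signals):
    """Flag only the full combination, to limit false positives."""
    return ({"known-contact-sender", "untrusted-link"} <= signals
            and bool(signals & SUBJECT_TRAITS))

# Constructed sample data (not real messages).
CONTACTS = {"colleague@example-trust.test"}
RECENT = ["Ward rota for July"]
HEADERS = ("From: A Colleague <colleague@example-trust.test>\n"
           "To: Jane Doe <jane.doe@example-trust.test>\n")
SAMPLE_LURE = HEADERS + "Subject: Jane Doe\n\nSee http://signin.example.net/mail\n"
SAMPLE_REPLY = (HEADERS + "Subject: RE: Ward rota for July\n\n"
                "Rota: https://login.example-trust.test/rota\n")

if __name__ == "__main__":
    print(sorted(lure_signals(SAMPLE_LURE, CONTACTS, RECENT)))
```

A mirrored subject on its own is ordinary reply behaviour, so `needs_review` only fires when it coincides with a known sender and a link to a host outside the sign-in allowlist.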




“We are investigating this issue and have taken the precaution of asking all mailboxes that have a similar configuration to the compromised accounts to change their passwords with immediate effect,” NHS Digital concluded. “We have worked with the organizations involved to isolate affected accounts, supported them to make any necessary changes and have advised affected individuals.” The sensitive data that the NHS has access to is of real value not just to hackers, but also to commercial or state actors. To mitigate the risk to its patients and employees the NHS has worked with the NCSC to implement new security guidelines across the NHS.


NHS stands for the National Health Service. It refers to the Government-funded medical and health care services that everyone living in the UK can use without being asked to pay the full cost of the service. The publicly funded health care service in Northern Ireland isn’t officially called the NHS; it’s actually called Health and Social Care Services (HSC). Each NHS organisation and the HSC provide health care services free at the point of delivery, but there are slight differences in what is fully funded by government and what services are available across the different UK countries.



