CYBERSECURITY
ARTICLE.

High Street Cyber-Attacks
17.06.2025



True root cause details are seldom disclosed in the aftermath of a high-profile cyber-attack and, in most cases, public interest is lower than interest from the business community. However, in recent weeks and within a relatively small window, three of the UK’s most cherished household names suffered cyber-attacks which directly impacted the general public. Much of the news coverage labelled the incidents as ‘serious attacks’ but, to us, ALL breaches – from minor security incidents to attempted breaches – should be treated with the highest level of seriousness.

From the information we have been able to gather, these serious attacks were part of a much larger wave of retail-based cyber-attacks, and it has been interesting to retrospectively form a timeline of events.

EXPLOITATION OF VULNERABILITIES WITHIN SYSTEMS INCLUDING GAPS IN EMPLOYEE SECURITY AWARENESS


These seemed to be the headline(s). My interest was particularly piqued when I received a very well-crafted “…managing a cyber incident” email from one of the affected retailers immediately following the breach. I tend to put myself in the mind, or room, of the Team dedicated to a) dealing with plugging the gaps and b) issuing communications to the entire customer base. I imagine that external experts in cybersecurity and crisis comms were brought in, but, however the initial email is worded after an event like this, there is never going to be a good way of saying ‘the management of our systems put you at risk’.

A breach of this nature will inevitably include attackers using social engineering and phishing tactics, including IT helpdesk impersonation, to gain initial access to internal systems. To break this all down:


Exploitation of Vulnerabilities

Weak Security Practices: Attackers can bypass initial security measures, suggesting potential weaknesses in digital infrastructure and employee security awareness.

Helpdesk Impersonation: Attackers gain access by impersonating legitimate IT helpdesk personnel, leveraging social engineering and password resets.


Social Engineering and Phishing

Targeted Phishing: The group linked to the attack(s) is known for using sophisticated phishing emails and other social engineering techniques to compromise credentials.

Multi-Factor Authentication (MFA) Fatigue: Attackers use MFA fatigue techniques, bombarding users with repeated authentication requests, likely to their respective mobile devices, to force them into providing access.
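The MFA fatigue pattern described above can be detected from authentication logs. The following is an added example, not part of the original article: the log format, field names, window and threshold are all assumptions, and the sample lines are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log lines; the format and field names are assumptions.
SAMPLE_LOG = """\
2025-05-01T08:00:10Z user=bob event=mfa_push result=denied
2025-05-01T08:00:40Z user=bob event=mfa_push result=approved
2025-05-01T09:00:05Z user=alice event=mfa_push result=denied
2025-05-01T09:00:50Z user=alice event=mfa_push result=timeout
2025-05-01T09:01:30Z user=alice event=mfa_push result=denied
2025-05-01T09:02:10Z user=alice event=mfa_push result=denied
2025-05-01T09:03:00Z user=alice event=mfa_push result=timeout
2025-05-01T09:03:45Z user=alice event=mfa_push result=approved
2025-05-01T09:05:00Z user=bob event=password_login result=success
"""

WINDOW = timedelta(minutes=10)  # assumed look-back window
THRESHOLD = 5                   # assumed number of rejected prompts that counts as a burst

def parse_line(line):
    """Return (timestamp, user, result) for an MFA push line, else None."""
    parts = line.split()
    fields = dict(p.split("=", 1) for p in parts[1:] if "=" in p)
    if fields.get("event") != "mfa_push":
        return None
    try:
        ts = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%SZ")
        return ts, fields["user"], fields["result"]
    except (ValueError, KeyError):
        return None  # malformed timestamp or missing field: skip the line

def detect_mfa_fatigue(log_text, window=WINDOW, threshold=THRESHOLD):
    """Return alerts for prompt bursts and for approvals that follow a burst."""
    recent = defaultdict(deque)  # user -> timestamps of denied/timed-out prompts
    alerts = []
    events = sorted(filter(None, map(parse_line, log_text.splitlines())))
    for ts, user, result in events:
        q = recent[user]
        while q and ts - q[0] > window:  # drop prompts older than the window
            q.popleft()
        if result in ("denied", "timeout"):
            q.append(ts)
            if len(q) == threshold:
                alerts.append((user, ts, "prompt_burst"))
        elif result == "approved":
            if len(q) >= threshold:  # approval right after a burst: likely fatigue
                alerts.append((user, ts, "approved_after_burst"))
            q.clear()
    return alerts
```

An `approved_after_burst` alert is the higher-priority signal, since it indicates the user may have accepted a prompt they did not initiate; a single denied prompt followed by an approval, as in the `bob` lines, is not flagged.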


[Lack of] Security Awareness Training

Employee Error: The human element of a cyber-attack – an interesting aspect of this situation – highlights the importance of employee security awareness training, or as we prefer to call them – Cyber Awareness Workshops. ‘Falling’ for phishing emails, then providing credentials to unauthorised individuals, creates vulnerabilities that attackers will always look to exploit.


The ‘so what’ consequences?

System Disruption & Downtime: Whilst not all the recent attacks were at the same level of severity, the high-profile high street retailers all suffered a huge amount of disruption, in some cases downtime, which prompted emergency security measures. This included restricting internet access and isolating systems, as well as the embarrassing fallout of becoming headline news for the wrong reasons.

Food shortages in rural areas: One of the providers covers much of the rural market, and in rural supermarkets across the UK, there continue to be food shortages. This shows how vital cybersecurity is, and how easily vulnerable systems can cause real problems.

Something we at eoCiTO are proud to offer is an initial Cybersecurity audit in line with IASME Cyber Essentials. This is aimed at focusing on forming a baseline to improve your IT security posture and provide a pathway to cyber resilience. Cyber threat is evolving every day, so achieving a high level of security should be seen as an ongoing journey, not a destination.


Joey Berry.
Head of Cybersecurity




More information can be found on our website and via our LinkedIn profile. For queries, please email cyber@eocito.com








