Urban75 Home About Offline BrixtonBuzz Contact

Data breaches/IT security failures at Sellafield, the British Library, the Guardian and UK businesses

Ultimately it’s the responsibility of Information Security in the NHS (is that what we are talking about?), to make sure that their 3rd party risk management is in order. And hopefully they are using comprehensive processes to monitor and secure their 3rd party systems and connections.
 
  • Haha
Reactions: Chz
Boris Sprinkler said:
Ultimately it’s the responsibility of Information Security in the NHS (is that what we are talking about?), to make sure that their 3rd party risk management is in order. And hopefully they are using comprehensive processes to monitor and secure their 3rd party systems and connections.
Click to expand...

Almost all of these happen because the security measures the people ticking all of the boxes thought were in place weren’t in place. This kind of thing is very hard to detect ahead of time through the supply chain
 
Exactly. Which is why you need a uniform process approach. One of my guys, when I worked in that field, designed a paper based system so good that, it’s now his bread and butter as a lecturer.
 
Boris Sprinkler said:
Exactly. Which is why you need a uniform process approach. One of my guys, when I worked in that field, designed a paper based system so good that, it’s now his bread and butter as a lecturer.
Click to expand...
Interesting, do you know any more about it?

Lots of postit notes?
 
Now. It’s actually an excel based system of assessments and questionnaires, allowing to categorize suppliers based on the function of their product/software/design and architecture of their connections to other third parties. He found it lifts and shifts quite easily so he quit the corporation to sell it to others. Or at least he did. I don’t know what happened post COVID. I’m no longer in that world.
 
ska invita said:
There's been a few since thread last posted on and this one explicitly pinned on Russia

www.theguardian.com

Cyber-attack on London hospitals to take ‘many months’ to resolve

Exclusive: NHS source says clarity needed on how Russian hackers gained access and whether records are retrievable
www.theguardian.com www.theguardian.com
Click to expand...
I spoke to my GP earlier to arrange a routine cholesterol test. He said that there was no point taking one for at least four weeks, because they were not able to process any blood tests because of the cyber attack.
 
So supposeldy recent breaches of TfL, Hackney council and Royal Mail
THis website is interesting....
TfL hacked by 17 year old from Walsall
thehackernews.com

17-Year-Old Arrested in Connection with Cyber Attack Affecting Transport for London

17-year-old arrested over cyber attack on TfL, exposing 5,000 customers' sensitive data. Investigation ongoing.
thehackernews.com thehackernews.com
Possibly same kid doing MGM Resorts
thehackernews.com

17-Year-Old Linked to Scattered Spider Cybercrime Syndicate Arrested in U.K.

Teen arrested in UK for links to global cybercrime group. Suspected Scattered Spider member connected to MGM Resorts hack.
thehackernews.com thehackernews.com
22 year old from Scotland caught doing the same style hack
thehackernews.com

U.K. Hacker Linked to Notorious Scattered Spider Group Arrested in Spain

Scattered Spider member arrested in Spain. Group evolves tactics, targets SaaS apps for data theft. FBI prepares charges against hackers tied to high-
thehackernews.com thehackernews.com
So maybe for from being Russian espionage

...talking of Russia that site has several stories about Russia being attacked by anti-Putin hackers
such as
thehackernews.com

Hacktivist Group Twelve Targets Russian Entities with Destructive Cyber Attacks

Twelve hacktivist group targets Russian entities with destructive cyber attacks, using public tools for maximum damage without financial gain.
thehackernews.com thehackernews.com
 
Attribution is incredibly difficult to prove. And TTP’s from threat actor groups will often use subterfuge and obfuscation.
I’ve seen leaked data from US weapons companies left on a sever belonging to a Scandinavian bioethanol research firm. That time it was supposedly Chinese. Other times it was Russians or a North Koreans.
Only common factor was the reporting entity of the Americans.
 
Boris Sprinkler said:
Attribution is incredibly difficult to prove. And TTP’s from threat actor groups will often use subterfuge and obfuscation.
I’ve seen leaked data from US weapons companies left on a sever belonging to a Scandinavian bioethanol research firm. That time it was supposedly Chinese. Other times it was Russians or a North Koreans.
Only common factor was the reporting entity of the Americans.
Click to expand...
in these cases they've made arrests but yeah could be a feint
 
In this case. And my experience of police forces is that they will see through an investigation where it is clear who the perpetrators are. Otherwise 🤷‍♂️
I have raised countless fraud cases with ncp. None followed up on.
I had to explain to Northumbria police what an IP address was way back in 2006 in order to assist them in their pursuit of a paedophile gang. We were also in a position to do what they couldn’t. And we did. And they were successful. But it was purely by accident or their luck.
 
You must log in or register to reply here.

Similar threads

Humberto
Heroin Addiction in the UK
3 4 5 6 7
Replies
181
Views
5K
BristolEcho
BristolEcho
PTK
Library services IT Fiasco for 14 local authorities in SELMS
Replies
11
Views
331
StoneRoad
StoneRoad
mojo pixy
Immigration to the UK - do you have concerns?
74 75 76 77 78
Replies
2K
Views
64K
Elpenor
E
hash tag
Blind Date in the Guardian
2
Replies
48
Views
2K
MickiQ
MickiQ
Kid_Eternity
Is a revolution possible in the UK?
3 4 5 6 7
Replies
195
Views
7K
A380
A380
Back
Top Bottom