A cybercriminal group has posted what it claims are documents stolen from Hackney Council in a ransomware attack last year. Last year in October, the council was hit with serious cyber-attack. The council is working with UK’s National Cyber Security Centre (NCSC) and the Ministry of Housing to investigate the impact of the incident. The stolen documents contain very sensitive information such as “passportsdump”, “staffdata” and “PhotoID” and were posted on a darknet.
<p>Whenever an organisation is in the position of dealing with a demand of ransom from a cyber-attack, the time for securing data has passed. At best there is a hope the attackers will do as they state and not release the data, but there is nothing to say that copies didn’t otherwise exist, and the attackers view the ransom as but one of a number of revenue streams associated with the data. While there is value in performing post-incident forensic analysis, the best analysis is performed prior to the incident. Such analysis should include an understanding of which data attributes are accessible to which employees, contractors or third-party services and what controls and protections are in place to limit the scope of damage should a compromise of any staff or external system occur. This forms a data supply chain analysis and is similar to the risk analysis organisations should be performing on their software supply chains. Ultimately, the goal of these efforts should be a comprehensive threat model that includes an understanding of what monitoring actions and alarms should be in place to detect attempts to circumvent cybersecurity measures. While this effort might not prevent a ransomware attack, it could limit the scope of damage within the organisation and increase the difficulty an attacker might have when attempting to access any data.</p>
<p>Ransomware attacks will continue to be a serious threat to the public and private sector in 2021. Companies shouldn\’t lapse into a sense of normalcy by any stretch of the imagination because even though the worldwide number of new ransomware strains continues to shrink, many cyber criminals have perfected their tactics and are reaping the benefits with massive ransoms being paid out. For the Hackney Council and other organizations in the UK, a proactive security approach needs to be the priority in 2021. What I mean is that security teams and IT professionals responsible for security need to be actively hunting in their own networks for malicious activity. Taking the first punch in the battle with threat hunting that can root out suspicious behaviour is paramount in turning the tables on cybercrime. In addition, Hackney Council employees and anyone associated with the organization should never click on attachments in emails unless the source can be verified. Also, never download content from dubious websites. And implement security awareness training to yield meaningful results, when included with other cyber awareness training that becomes part of a company\’s security culture.</p>
<p>Unfortunate victims that are affected by the Hackney Council breach will want to stay aware of phishing attempts by the bad guys that downloaded the breached data. The bad actors will surely send targeted phishing emails and texts in an effort to leverage the data included in the breach to gain more personal information from the victims.</p>
<p>Cybercriminals exploit confusion and uncertainty. The pandemic has been a case in point with a huge rise in scams, and during this new lockdown we can expect to see more cyber-attacks like this. While these cyber-attacks are inevitable, their success needn’t be.</p> <p> </p> <p>We know the scams and hacks are coming. Institutions, their employees, and other stakeholders must understand what is at stake: personal data is worth more than ever on the dark web – bank details, passwords, and much more. A lack of cybersecurity solutions in place will let the hackers in. </p> <p> </p> <p>Councils and other state institutions have a responsibility to deploy fully up-to-date cybersecurity that tracks and defends against new threats. But employees and other stakeholders also have a role to play: making the job of cyber attackers as difficult as possible. How? By improving their cyber hygiene through constant vigilance and exercising zero trust.</p>
<p>Although it\’s not clear exactly what information was contained in the stolen data, much of it appears to be scans or copies of identification, such as passports. Those documents contain sensitive information that cybercriminals could use to target people whose data was stolen. Victims should be on the lookout for phishing emails and other messages impersonating Hackney Council or some other authority. Never click on links or attachments in an unsolicited email, and always verify the sender\’s identity before responding.</p> <p>Passports scans and other photo ID can also be used as part of an identity fraud scheme. Such scans can be used to open financial accounts for money mules and bank drop scams, for example. Additionally, <wbr />multiple forms of ID are usually required to pass proof-of-address and proof-of-identification checks on websites. These checks are often part of the account recovery process in which a user has somehow lost access to their account and must prove who they are to regain access.</p>
<p>The continued and increasing number of cyber-attacks on public sector organisations such as Hackney Council is a growing cause for concern. Especially considering the public sector impacts so many lives and often holds sensitive personal data for millions of people. This makes the public sector a prime target for cybercriminals as attacks such as this can present significant consequences for society. The public sector relies on their reputation to gain the trust of the public to operate efficiently to successfully achieve running a town, region, or country with often limited budgets – which have been further squeezed due the pandemic. Therefore, it’s imperative for public sector organisations to have a water tight security solution to limit the risk of a cyber-attacks and simultaneously reassure the public that their data is secure which in the long run saves organisations money instead of being forced to pay ransom.<u></u><u></u></p> <p> </p> <p>It’s recommended that paying a ransom should be avoided and organisations should never give into pressure as there is no guarantee data will be decrypted – and as long as organisations continue to pay, attackers will view this attack approach as being financially viable. This also give criminals the impression that in future they can target these organisations again for payment.<u></u><u></u></p> <p> </p> <p>Mitigating ransomware attacks by implementing robust security measures is always the recommended approach to avoid significant downtime and preserve business as usual. Individual employees can also assist by educating themselves on the risks of potential phishing emails and to be aware of the risks associated with opening unsafe attachments and email links.</p>