The website belonging to West Ham United seems to have suffered from a security issue that put their supporter data at risk. To prevent this from happening again, it is important to carry out security and user acceptance testing when websites are going live. To limit damage from the data leak, West Ham United fans who have accounts with the ticket site should start to pay close attention to their emails and watch out for phishing scams. It will be interesting to see how the ICO handles this security misconfiguration because putting sensitive data at risk is one of the biggest concerns within the GDPR.

It is unfortunate that the Nova Education Trust has been hit by a cyberattack, but just like any other industry, the education sector is prone to cyberattacks. Due to the introduction of remote learning and online schooling more avenues for attacks have opened up within the education system, and malicious actors are taking advantage of this fact. Therefore, although IT security may not be a priority for schools it desperately needs to be due to the current situation.

Even though the exact method of the attack is unknown, it still highlights the importance for schools to implement good cyber hygiene. In order to avoid attacks, the best defense is prevention. Updating and patching systems should be a priority for schools and mandatory for their pupils. This is especially necessary with the increase in laptops and other devices being used for remote learning, as the underlying systems for virtualisation that support these devices are often overlooked for various reasons. Security awareness training is also key for preventing cyberattacks as this can teach students and staff how to spot common attack vectors, such as phishing campaigns, as well as increase their understanding of the importance of cybersecurity. By instilling this mindset in students from a young age it will benefit them later in life by providing them with valuable skills necessary for navigating an increasingly digitalised society.

Until PrismHR confirms the exact cause of the outage, the industry can only speculate on what they believe is going on behind the scenes. However, if this does turn out to be related to ransomware the ramifications will be very serious. An attack like this will not only impact PrismHR but also its customers who will need access to systems in order to pay employees. If PrismHR does not have the correct security tools installed and a proper backup system in place this could prove extremely difficult. PrismHR, therefore, might find itself in a position where it has no choice but to pay the attackers, although this is not always recommended as this can further fuel future attacks.

Bombardier looks to be the latest victim to be hit following the discovery of vulnerabilities in Accellion FTA software. Rather than exposing customer information, the attackers have shared Bombardier’s Intellectual Property which will have massive ramifications for the company. It is positive to see that Bombardier has come clean on the breach and the more the company communicates information to its shareholders, the better. The attack is another lesson on the dangers of not running security scans on all assets used to share confidential information. Companies should be scanning for vulnerabilities across their entire IT estate as this will help minimise these types of attacks happening in the future.

This second breach of a customer of Accellion highlights the importance of ensuring that services used by an organisation are properly secured and that vendor security is taken seriously, as when you use their services you are still responsible for the data they handle for you. In order to manage and identify any risks introduced by third-parties, it is best practice to include them in the security assessments of your organisation. When doing this make sure that contracts with vendors allow for this and also stipulate to the vendor their security obligations and your security requirements. Vendors should always be considering security in their offerings themselves. They should also take seriously good security practices when developing their services- performing security assessments, and implementing any identified remedial actions, as well as those reported to them from their customers.

Ransomware, just like all the various flavours of malware before it are here to stay. The motivations of the authors of malware have changed over the years, and as a result the methods they employ have changed too. The good thing this report is highlighting is how important it is to ensure every security patch is implemented and that it is implemented quickly. Some of the reports oldest highlighted vulnerabilities were not in Operating Systems but third party applications such as JBoss AS and a driver SYS file included within DVD and CD Cloning software. As Operating System patches are fixed quickly these ransomware authors will target whatever vulnerabilities they can leverage to get them in the position they need, developing reliable exploits for vulnerabilities that had none published or simple Proof of Concept exploits. The more time passes by on these older vulnerabilities, the more likely someone will develop a usable exploit to be used in ransomware. There is a huge backlog of potential security vulnerabilities, it just needs one to be left unpatched for you to become the victim of an attacker with the motivation to use it. So, it is ever more important to ensure that all security updates for all your software are applied as soon as possible, that includes your operating system, as well as first and third party applications. Plus, this doesn’t just affect Windows, but Linux and macOS users too.

As many IoT devices are essentially blackboxes of components used to do a specific single job, they use specialist embedded System-on-Chips (SoC) which have small amounts of storage. Therefore, it is understandable that so many have implemented barebones TCP/IP stacks that have re-introduced old security vulnerabilities, as these are devices that often have to work with limited resources and sometimes in real-time with limited CPU processing power.

So choices were made, however, the risk/threat assessment was geared towards a different set of goals. As a result, it is good practice to treat IoT devices as insecure and vulnerable to attack by default and to build controls around them to minimize risk. The affected platforms could be in the thousands of devices and as an end-user, it can be next to impossible to know whether you need to update the device. This pushes the responsibility to the device vendor using the vulnerable TCP/IP stacks to produce an update which installs the updated firmware that uses an updated stack to any affected devices, and ultimately ensure the device in question has the ability to accept a firmware update via some form of update mechanism.

Vulnerabilities in embedded devices are problematic due to their potential for being invasive in environments and having little functionality for end-users to manage coordinated updates, as many devices are ‘blackboxes’ of components pulled together to perform a single job. Depending on the device function there could be hundreds of devices, if not more, running vulnerable hardware modules. As a result, it is good practice to treat IoT devices as insecure by default and build controls around them to minimise risk.  In this case, for example, it is difficult to know what devices have the vulnerable Realtek WiFi module within them. Consequently, it can be impossible for end-users to know if they need to update their device. This pushes the responsibility to the device vendor using the Realtek module to produce an update that installs the updated module firmware to any affected devices and ultimately ensure the device in question can accept a firmware update via some form of update mechanism. It looks like the most serious of the vulnerabilities released in the Realtek 8195A module do not require knowledge of the WiFi password to exploit and thus use affected devices to gain access to networks containing the device. Therefore, if possible, it is recommended to install any available firmware updates and ensure network-level controls are in place to minimise the risk of the device being used as a stepping-stone into a wider environment.