Weekly Threat Report - 13th April 2018
Reports are drawn from recent open source reporting. See the latest report here:
Recent data breaches: GWR and Sodexo
Great Western Rail has advised customers to change their passwords after unauthorised attempts to access GWR.com accounts. The attack likely used password data harvested from other areas of the internet. GWR confirmed that around 1,000 users have been directly affected.
Separately, the facilities management company Sodexo confirmed a targeted attack on its cinema voucher platform Filmology. As the breach resulted in unauthorised access to payment card data, the platform has been taken down for the foreseeable future. The company has advised Filmology users who used the service between 19 March and 3 April to cancel their credit cards. Advice to cancel payment cards is relatively unusual following a data breach.
The NCSC advises customers who have online accounts with companies that have reported a data breach to reset their passwords on every service where they have used a similar password.
For further advice, see the NCSC’s previously published password guidance, which individuals and organisations can use to help keep their online accounts secure.
Finnish data breach linked to supply chain
A recent compromise of a website belonging to the Finnish Enterprise Agency illustrates some of the risks associated with outsourcing. The maintenance and data security of the website were subcontracted to a third-party organisation, which reportedly stored the passwords in clear text. The breach is estimated to have revealed the usernames and passwords of 130,000 users. The Finnish Communications Regulatory Authority has confirmed it as the third largest data breach in Finland to date, in terms of the number of user accounts compromised.
The NCSC advises against storing passwords in clear text and recommends that passwords are stored using a cryptographic hash.
When outsourcing services, we recommend reading the NCSC’s supply chain guidance. The threat via the supply chain was highlighted as one of the four key trends of 2017 in a joint report - ‘The Cyber Threat to UK Business’ - published by the NCSC and National Crime Agency earlier this week.