Incident Of The Week: 15K Accounts Breached At U.K. Credit Union
In the dynamic world of cyber security, breaches are both tightly guarded and, sadly, imminent.
Combing through data, market research and threat-defense efforts taken by enterprises can be a daunting task. Here at Cyber Security Hub, we both track the latest industry news and make it more navigable for the IT professional. CSHub coverage extends outwards – as it helps enterprises batten down their proverbial hatches.
In this edition of “Incident of the Week,” we examine a data breach that affected 15,000 members of a U.K.-based credit union.
Threat actors targeted the Sheffield Credit Union (SCU), and officials have warned against the potential compromise of personally identifiable information (PII). SCU said information including names, addresses, national insurance numbers and bank details were accessed, according to a report from the BBC.
The same report notes that the attack happened on Feb. 14, 2018, but only emerged recently after hackers attempted to demand a ransom on the heisted data.
South Yorkshire Police reportedly worked with the SCU and Action Fraud to ameliorate the situation. The BBC notes that the Information Commissioners Office (ICO) was also made aware of the occurrence. The SCU also said its security has heightened since. Nevertheless, the credit union is being cautious in warning that the incident could find hackers looking to defraud customers.
The SCU pointed out in a letter to its members that the breach "may expose you to text messaging, cold calling and attempts to defraud.”
Chairwoman of Trustees, Fiona Greaves, reportedly said that hackers likely accessed the data in a “brute-force” attack, in which they overpower systems with password combinations to crack the proverbial code.
She said that members do not need to assume that the data loss will result in “wholesale fraud,” but that “people need to be aware.” The credit union also suggests that members monitor accounts for anomalous activity.
In a news release on the SCU site, the credit union wrote that in the wake of the attack, “and numerous other similar attacks on businesses large and small,” its aim is to keep members “safe from scammers.”
It offers helpful tips for effective cyber hygiene, some of which include:
- Use caution in giving out bank details; make sure you are 100% sure it’s the right organization
- Do not change bank details without thorough vetting/verification
- Only access a company’s official website; enter by typing the address in the browser
- Log out of systems after you’ve finished
- Add virus and malware protection to any device that uses the Internet (including IoT devices)
- Carry out regular software updates (allow for automatic ones if possible)
- In downloading software, ensure it’s from a reputable/verifiable source
- Count on updating your passwords regularly (and making them complex)
While these tips are aimed at the SCU member base, they are largely applicable for the enterprise – as security teams oversee awareness campaigns to educate staffers about proactive cyber behavior/hygiene.
Both health and financial data (highly sensitive) will continue to fall within the crosshairs of hackers. Password offensives such as the “brute-force” attack can become a true thorn in the side of IT security practitioners.
In a recent article for the Cyber Security Hub, Integral Partners’ Director of Information Security Services, Kayne McGladrey, said, “Multi-factor authentication (MFA) that incorporates User Behavior Analytics (UBA) is the lowest-cost and easiest solution for organizations to prevent both credential stuffing and password spraying attacks. These attacks both work because the user account is typically protected with a password which may be stolen or guessed, and which may be reused at multiple websites and cloud services.
“MFA requires that the user provide a second form of authentication to access a cloud service… Modern MFA solutions incorporate UBA, which can require MFA only when the user is doing something unusual… This simple and elegant solution can protect both non-privileged business and privileged users.”
Be Sure To Check Out: Incident Of The Week: Drupal Vuln. Being Exploited By 'Muhstik' Botnet