Skip to main content

Week 8

 Most recent Cybersecurity attacks: 2022  

 

British Council data breach 


The British Council, which provides English language courses to students worldwide, experienced a third-party data breach revealing more than 10,000 records. Researchers discovered an unprotected Microsoft Azure blob repository and reported the incident on the 5th of December 2021. 

  

The blob container (a group of data held in the cloud) was indexed by a public search engine. Clario Tech reported in a Mackeeper blog that the blob contained at least 144k xls, xlsx, xml, and Json files. 

  

The datasets held students’ personal data worldwide, including student IDs, full names, study duration, email addresses, and enrolment dates. 

  

Any student or individual that may have been affected by the data breach should change their password straight away. They should also watch out for suspicious-looking emails and links.

 

The NHS Trust data breach 


The NHS trust, which provides healthcare services in Birmingham and Sandwell, experienced a ‘significant IT data loss incident’ that impacted patient care and staff. The data loss incident disrupted more than twenty systems and was caused by a ‘recommended update.’ Fortunately, no patient data was accessed or exposed. 


Apple 'zero-click' malware

 

Apple became aware of a software flaw that allowed attackers to introduce spyware. The spyware has been attributed to Israel’s NSO Group. Apple recently issued an emergency software fix as part of the iOS 14.8 update. 

  

The most worrisome part of this malware threat was that an iPhone, Mac computer or Apple Watch could be infected without the user clicking on anything. Known as a zero-click exploit, the attacker can hack into the user’s device, and because no click is required, the victim has no opportunity to spot the attack. 

Zero-click exploits are costly and highly sophisticated. So, they are usually leveraged to attack specific individuals rather than the population. 


Health workers phishing fraud 


Coronavirus awareness has become the latest tactic of cybercriminal gangs targeting healthcare professionals. In this instance, the cybercriminal sends an authoritative-looking phishing email to healthcare professionals, with the subject line ‘ALL STAFF: CORONA VIRUS AWARENESS.’ 

  

The email instructs the reader to register for a compulsory survey and seminar about the deadly virus. Any healthcare team member that clicks the link and completes the registration form ends up giving their personal information to the hackers. 

This article attracted my interest because it displays various kinds of Cybersecurity attacks and helps educate me to stay safe by knowing what risks to look out for. I learned not to click on links in emails to do any registration.  

 

Source: OmniCyber 

Web Address: www.omnicybersecurity.com 

 

Comments

Post a Comment

Popular posts from this blog

System Hardening Week 9

  Assume Breach and Be Proactive: Traditional cybersecurity is reactive, responding to known attack methods. However, sophisticated adversaries continuously evolve their tactics to bypass security solutions. Threat hunting operates under an “assume breach” mindset. It seeks to uncover indications of attack (IOA) that haven’t been detected yet. The goal is to outthink the attacker by identifying and mitigating threats before they access sensitive data.
Post a Comment
Read more

Week 7 Cloud Computing.

  Cloud Computing vs. Internet of Things (IoT) Cloud Computing Cloud computing refers to the delivery of computing services (such as servers, storage, databases, networking, software, and analytics) over the internet ("the cloud"). Key characteristics include: ·          On-Demand Resources : Users can access resources as needed without physical hardware. ·          Scalability : Easily scale resources up or down based on demand. ·          Cost-Effectiveness : Pay-as-you-go pricing models reduce the need for significant upfront investments in hardware. ·          Accessibility : Access services from anywhere with an internet connection. Internet of Things (IoT) The Internet of Things (IoT) is a network of interconnected devices that collect and exchange data. These devices can include anything from smart home appliances t...
Post a Comment
Read more

week 10 Cloud Computing.

  File Storage Description: Structure: Hierarchical, using directories and subdirectories. Data Organization: Files are stored with metadata like filename, timestamps, and permissions. Advantages: Familiarity: Easy for users to understand and manage, akin to traditional file systems. Ideal Use Cases: Great for storing and managing documents, media files, and shared drives. Block Storage Description: Structure: Data is divided into fixed-sized blocks. Data Organization: Each block has a unique identifier, but no metadata is attached directly. Advantages: Performance: High performance and low latency. Flexibility: The operating system can be formatted and used as required. Ideal Use Cases: Databases: Suitable for database applications. Virtual Machines: Commonly used for VM storage and high-performance applications.  
Post a Comment
Read more