
Even the Mighty Fall: The Top Five Cyber Incidents of 2024 So Far

Ministry of Defence, Microsoft, and more!

As we approach the halfway point of 2024, we have already witnessed several significant cyber incidents that have had far-reaching impacts on major global organisations. These incidents have left the likes of MITRE, Microsoft and even the Ministry of Defence (MoD) having to answer uncomfortable questions about how they happened.

In this blog, we highlight the top five cyber incidents so far this year, examining what happened, who was affected, the fallout, and the broader implications for cyber security practices. Join us as we cover these major cyber incidents and explore the lessons we can learn from them.


Chinese State-Sponsored Cyber Attack Campaign

Hackers backed by China’s government spy agency have been accused by the US and UK of conducting a year-long cyber-attack campaign targeting politicians, journalists, and businesses. The campaign, attributed to a Chinese state-sponsored hacking group, aimed to steal sensitive information and disrupt critical infrastructure. These coordinated cyber attacks reveal the growing threat posed by nation-state actors and the need for international cooperation to combat hostile nation states or state-backed cyber threats effectively. [source: The Guardian]

These attacks show that cyber threats do not come solely from opportunistic cyber criminals; they also have the power of nation-states behind them. Organisations need to regularly review their cyber security posture to ensure that cyber defences are up to date and current best practices are followed. A cyber security posture assessment can highlight the strengths of your organisation’s defences and also indicate where you should focus for improvement.


Ministry of Defence Data Breach

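In a significant data breach reported earlier this month, personal information of an unknown number of serving and former UK military personnel was accessed through a payroll system used by the Ministry of Defence (MoD). The exposed data included names, bank details and, in some cases, personal addresses. The breach, which targeted a system managed by an external contractor, did not involve any operational MoD data. Immediate action was taken to shut down the system, and the investigation is ongoing. Defence Secretary Grant Shapps is to outline a response plan, which includes measures to protect the affected individuals.

Although who was behind this attack has not yet been disclosed, this incident highlights the importance of securing supply chains and systems managed by external contractors, and demonstrates how easily vulnerable products can leave even the most mature organisations exposed to persistent threat actors.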



10 Steps to Cyber Security: Supply Chain Security
Paul Crumpton, Partner Services Manager at IASME joins the 10 Steps to Cyber Security Video Series to deep dive into Supply Chain Security.


MITRE R&D Network Penetrated

In another unfortunate tale of supply chain security, MITRE disclosed a significant cyber-attack in April 2024, orchestrated by state-sponsored hackers that exploited zero-day vulnerabilities in Ivanti VPN software.

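MITRE are a key player in R&D for US government projects and the authors of the widely adopted MITRE ATT&CK framework. The attack, believed to be the work of the Chinese cyber espionage group UNC5221, targeted MITRE’s NERVE (Networked Experimentation, Research, and Virtualization Environment), an unclassified network used for research and development.

The hackers exploited the vulnerabilities CVE-2023-46805 and CVE-2024-21887, deployed sophisticated malware such as BrickStorm and BeeFlush, and used compromised administrator credentials to create rogue virtual machines.

This breach once again underscores the importance of supply chain security, where vulnerabilities in third-party products can become the entry point for major cyber attacks. Organisations looking to prevent these types of attacks should have rigorous vulnerability management and ensure they are using supply chain risk assessments to determine the best third parties to work with.

Despite maintaining persistence within the NERVE infrastructure and attempting lateral movement, the attackers failed to access other resources. This highlights the importance of architecture and configuration: even though the hackers had broken in, their movement within the network was restricted, which reduced the damage these cyber criminals could do.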


Microsoft Azure Data Breach

According to an article posted by Spiceworks, Microsoft’s premier cloud service, Azure, suffered a data breach in February 2024 that affected hundreds of Azure executive accounts, raising concerns about the security of large cloud platforms. The breach exposed critical vulnerabilities in Microsoft’s security measures, similar to previous incidents.

The attackers exploited a zero-day vulnerability, CVE-2024-21410, in Microsoft Exchange servers, which allowed them to access and misuse Windows NT LAN Manager (NTLM) hashes to impersonate legitimate users. Up to 97,000 Exchange servers were vulnerable to this flaw, which has a severity rating of 9.1. Additionally, Microsoft disclosed two further zero-day vulnerabilities: CVE-2024-21412, a security feature bypass, and CVE-2024-21351, a SmartScreen bypass vulnerability. These issues affected Exchange server versions prior to the February 13 update.

The perpetrators are believed to be hacking groups from Nigeria and Russia using proxy services and phishing links embedded in documents, primarily targeting mid and senior-level executives. This attack, involving user impersonation, data extraction, and financial fraud, is the first breach of its kind to occur on the Azure platform.

Microsoft has since implemented measures to mitigate the impact of the breach and enhance the security of its cloud services. This incident brought Microsoft back under fresh scrutiny, as a similar incident occurred in 2023 in which Chinese-backed hackers were able to access sensitive data stored within the Azure platform. [source: NPR]

These two incidents underline the importance of regular vulnerability scanning and patch management. Organisations looking to mitigate risks from outdated software and zero-day vulnerabilities should ensure they have a robust patch management process and conduct regular vulnerability scans across their infrastructure and applications to maintain the integrity of their estate.

With such a large and ever-evolving suite of customisable products and features, it is difficult to keep up with the latest Microsoft 365 security recommendations. In a Microsoft 365 Security Assessment, CyberLab can help you ensure security in your day-to-day operations by reviewing your MS365 configuration against industry-standard benchmarks from the Center for Internet Security (CIS).


Cyber Attacks on NHS Dumfries and Galloway

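Digital transformation has revolutionised process and information management, especially within the healthcare sector. However, with these advances come significant cyber security challenges.

NHS Dumfries and Galloway faced significant disruptions due to a cyber attack targeting its systems. The attack, which occurred in early 2024, raised concerns about the security of sensitive medical data and patient records.

Although details about the nature and scope of the breach remain limited, the incident highlights the ongoing threat that cyber attacks pose to critical infrastructure, particularly in the healthcare sector.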

Learn about the complexities of securing healthcare organisations amidst the evolving threat landscape and discover the strategies to mitigate risks in our Securing Healthcare Organisations blog.



In conclusion, the top five cyber attacks of 2024 so far serve as a stark reminder of the evolving threat landscape. By understanding these incidents and implementing a layered and strategic approach to cyber security, organisations can better protect their people, data, and customers.

Stay vigilant, continuously update your defences, and ensure your incident response plan is robust to guard against future cyber threats.

