Ministry of Defence, Microsoft, and more!
As we approach the halfway point of 2024, we have already witnessed several significant cyber incidents that have had far-reaching impacts on major global organisations. These incidents have left the likes of MITRE, Microsoft and even the Ministry of Defence (MoD) having to answer uncomfortable questions about how they occurred.
In this blog, we highlight the top five cyber incidents of the year so far, examining what happened, who was affected, the fallout, and the broader implications for cyber security practices. Join us as we cover these major cyber incidents and explore the lessons we can learn from them.
Chinese State-Sponsored Cyber Attack Campaign
Hackers backed by China’s government spy agency have been accused by the US and UK of conducting a year-long cyber-attack campaign targeting politicians, journalists, and businesses. The campaign, attributed to a Chinese state-sponsored hacking group, aimed to steal sensitive information and disrupt critical infrastructure. These coordinated cyber attacks reveal the growing threat posed by nation-state actors and the need for international cooperation to combat hostile nation states and state-backed cyber threats effectively. [source: The Guardian]
These attacks highlight that cyber threats don’t just originate from opportunistic cyber criminals; they can also have the power of nation-states behind them. Organisations need to review their cyber security posture regularly to ensure that their defences are up to date and that current best practices are followed. A cyber security posture assessment can highlight the strengths of your organisation’s defences and also indicate where you should focus for improvement.
Ministry of Defence Data Breach
In a significant data breach reported earlier this month, personal information of an unknown number of serving and former UK military personnel was accessed through a payroll system used by the Ministry of Defence (MoD). The compromised data includes names, bank details, and, in some cases, personal addresses. The breach, which targeted a system managed by an external contractor, did not involve any operational MoD data. Immediate action was taken to take the system offline, and investigations are ongoing. Defence Secretary Grant Shapps is set to outline a response plan, which will include measures to protect affected individuals.
Whilst it has still not been revealed who is behind the attack, this incident highlights the importance of securing supply chains and systems managed by external contractors, and demonstrates how easily vulnerable products can leave even the most mature organisations exposed to persistent threat actors.
10 Steps to Cyber Security: Supply Chain Security
Paul Crumpton, Partner Services Manager at IASME joins the 10 Steps to Cyber Security Video Series to deep dive into Supply Chain Security.
MITRE R&D Network Penetrated
In another unfortunate tale of supply chain security, MITRE disclosed a significant cyber-attack in April 2024, orchestrated by state-sponsored hackers who exploited zero-day vulnerabilities in Ivanti VPN software.
MITRE is a key player in R&D for US government projects and the author of the widely adopted MITRE ATT&CK framework. The attack, attributed to a Chinese cyber espionage group known as UNC5221, targeted MITRE’s NERVE (Networked Experimentation, Research, and Virtualization Environment), an unclassified network used for research and development.
The hackers leveraged vulnerabilities CVE-2023-46805 and CVE-2024-21887, deploying sophisticated malware such as BrickStorm and BeeFlush, and used compromised administrator credentials to create rogue virtual machines.
This breach again underscores the critical importance of supply chain security, as vulnerabilities in third-party products can serve as entry points for significant cyber attacks. Organisations looking to prevent these types of attacks should have rigorous vulnerability management in place and use supply chain risk assessments to determine which third parties are safest to work with.
Despite maintaining persistence and attempting lateral movement within the NERVE infrastructure, the attackers failed to access other resources. This highlights the importance of architecture and configuration: although the hackers got in, their movement within the network was restricted, which reduced the damage these cyber criminals could do.
Microsoft Azure Data Breach
According to an article posted by Spiceworks, Microsoft’s premier cloud service, Azure, suffered a data breach in February 2024 affecting hundreds of executive Azure accounts, raising concerns over the security of big cloud-based platforms. The breach revealed critical vulnerabilities in Microsoft’s security measures, similar to previous incidents.
The attackers exploited a zero-day vulnerability, CVE-2024-21410, in Microsoft Exchange servers, which allowed them to access and misuse Windows NT LAN Manager (NTLM) hashes to impersonate legitimate users. Up to 97,000 Exchange servers are vulnerable to this flaw, which has a severity rating of 9.1. Additionally, Microsoft disclosed two more zero-day vulnerabilities: CVE-2024-21412, a security feature bypass, and CVE-2024-21351, a SmartScreen bypass vulnerability. These issues affected Exchange server versions before the February 13th update.
The perpetrators are believed to be hacking groups from Nigeria and Russia using proxy services and phishing links embedded in documents, primarily targeting mid and senior-level executives. This attack, involving user impersonation, data extraction, and financial fraud, marks the first time such a breach has occurred on the Azure platform.
Microsoft has since implemented measures to mitigate the impact of the breach and enhance the security of its cloud services. This incident brought Microsoft back under fresh scrutiny, as a similar incident occurred in 2023 when Chinese-backed hackers were able to access sensitive data stored within the Azure platform. [source: NPR]
These two incidents underscore the importance of regular vulnerability scanning and patch management. Organisations looking to mitigate risks from outdated software and zero-day vulnerabilities should ensure they have a robust patch management process and conduct regular vulnerability scans across their infrastructure and applications to maintain the integrity of their estate.
With such a vast and evolving suite of customisable products and features, it can be hard to stay up to date with the most recent security recommendations for Microsoft 365. In a Microsoft 365 Security Assessment, CyberLab can help you ensure security in your day-to-day operations by reviewing your MS365 configuration against industry-standard benchmarks from the Center for Internet Security (CIS).
Cyber Attacks on NHS Dumfries and Galloway
Digital transformation has revolutionised processes and information management, especially within the healthcare sector. However, with these advancements come significant cyber security challenges.
NHS Dumfries and Galloway faced significant disruptions due to a cyber attack targeting its systems. The attack, which occurred in early 2024, prompted concerns over the security of sensitive healthcare data and patient records.
While details about the nature and extent of the breach remain limited, the incident underscores the persistent threat posed by cyber attacks on critical infrastructure, particularly in the healthcare sector.
Learn about the complexities of securing healthcare organisations amidst the evolving threat landscape and discover the strategies to mitigate risks in our Securing Healthcare Organisations blog.
In conclusion, the top five cyber attacks of 2024 so far serve as a stark reminder of the evolving threat landscape. By understanding these incidents and implementing a layered and strategic approach to cyber security, organisations can better protect their people, data, and customers.
Stay vigilant, continuously update your defences, and ensure your incident response plans are robust to safeguard against future cyber threats.
Book Your Free 30-Minute Consultation
Our expert consultants are here to take the stress away from cyber security.
Whether you have a pressing question or big plans that need another pair of eyes, discuss it in a free 30-minute session with an expert consultant.