Cyber security jobs news roundup: January 2023
We’re rounding up some of the biggest cyber security stories of the past few weeks. In January, the UK and Ukraine held high-level cyber security meetings, Royal Mail was hit by Russian hackers, high-street retailer JD Sports suffered a large-scale data breach and NCSC experts have warned of prominent spear-phishing attacks.
UK holds bilateral talks with Ukraine cyber defenders
In their first visit to the UK since the beginning of the Russian invasion, a Ukrainian delegation was in attendance at the National Cyber Security Centre - a part of GCHQ - for talks to discuss the conflict and resilience building.
The NCSC has been offering consistent support for Ukraine since the start of the conflict. Paul Chichester, NCSC Director of Operations, said: “Ukraine has defended itself resolutely in cyberspace in the face of Russian aggression. This visit is an important moment in our relationship and an excellent opportunity to learn from each other.”
Since its creation in 2016, the NCSC has viewed Russia’s cyber capabilities and intentions as a threat to British interests. In recent months, several cyber attacks have been attributed to the Russian State, including SolarWinds, the targeting of the COVID vaccine supply chain and DDoS attacks on Ukraine’s financial sector.
Royal Mail hit by Russia-linked ransomware attack
Royal Mail, the UK’s largest mail delivery service, saw its overseas deliveries disrupted by a ransomware attack, forcing all international shipping services to come to a halt.
Just a few weeks later, the LockBit operation confirmed it was behind the attack via a post to a Russian-speaking hacking forum. The ransomware operator known as LockBitSupp claimed to have identified which affiliate carried out the attack, but would only be willing to offer a decryptor and delete stolen data upon the payment of a ransom.
A National Crime Agency spokesperson said the organisation was “aware of an incident impacting Royal Mail” and was collaborating with the National Cyber Security Centre - part of GCHQ - to investigate the impact.
Data of 10 million customers stolen in cyber attack
JD Sports announced that information “may have been accessed” by hackers, including names, addresses, email accounts, phone numbers and the final four digits of bank cards. The retailer claimed it was contacting affected customers, with the breach taking place between November 2018 and October 2020.
The attack related to orders placed online for JD Sports and its brands, which include Size?, Millets, Scotts, Blacks and MilletSport. It’s understood to only have been detected in January 2023, but only the historical data was accessed.
Neil Greenhalgh, Chief Financial Officer of JD Sports, said: “We want to apologise to those customers who may have been affected by this incident. Protecting the data of our customers is an absolute priority for JD.”
Spear-phishing warning given to UK industry targets
The UK has been warned of the growing threat from spear-phishing campaigns originating in Iran and Russia in a new advisory from the National Cyber Security Centre (NCSC). This involves an attacker sending malicious links to targets in an attempt to have them share sensitive information.
This advice comes as a result of extensive industry reporting and understanding. The NCSC has urged any individuals or organisations in the identified areas, that recognise the activities described in the advisory, to report it immediately.
The spear-phishing attacks are not aimed at the general public, but specific industry targets within defence, academia and government, as well as politicians, activists and journalists.