Cyber security news roundup: August 2022

Published on: 1 Sep 2022

We're rounding up some of the biggest cyber security stories of the past few weeks. In August, the NCSC issued new cyber security guidance for major infrastructure projects in the UK, research from Microsoft identified some of the most common errors that lead to breaches, and LastPass and the NHS reported cyber attacks.

More than 80% of ransomware breaches down to common errors

More than four-fifths of ransomware attacks take advantage of a few common errors such as misconfigurations of software and devices, new research from Microsoft has found.

The company's latest Cyber Signals report revealed that the most frequent mistakes include applications being left in their default state, failing to impose access restrictions, misconfigured or untested security tools, poorly set up cloud applications, and organisations not applying Microsoft's attack surface reduction rules, an omission that allows attackers to run malicious code using macros and scripts.

Such basic errors may be especially costly in the new era of Ransomware-as-a-Service attacks, which have greatly lowered the barriers to entry for criminals. Microsoft added: "While many organisations consider it too costly to implement enhanced security protocols, security hardening actually saves money. Not only will your systems become more secure, but your organisation will spend less on security costs and less time responding to threats."

New guidance outlined to boost security on major infrastructure projects

The National Cyber Security Centre (NCSC) has set up a new series of guidelines intended to ensure organisations involved in critical joint venture infrastructure projects such as HS2 and Crossrail can improve their cyber security defences.

Such projects may be especially vulnerable to cyber attacks as they are highly complex, have huge volumes of data and involve multiple stakeholders across industry and government, the organisation said. It added that globally, construction firms involved in these large-scale projects are among the businesses most targeted by hackers.

Sarah Lyons, NCSC deputy director for economy and society resilience, said: "Joint ventures in construction are responsible for some of the UK's largest building projects and the data they handle must be protected to keep crucial infrastructure safe. Failure to protect this information not only impacts individual businesses but can jeopardise national security, so it’s vital joint ventures secure their sites, systems and data."

Recommendations within the guidance include establishing information security governance and accountability across the venture, having designated staff who are accountable for managing information security risks, and creating a shared strategy for protecting systems and data.

LastPass confirms source code stolen in data breach

Password manager LastPass has confirmed it has fallen victim to a data breach for the second time in 18 months, with hackers successfully stealing parts of the company's proprietary source code, though it has insisted that no customer passwords were compromised in the incident.

In a statement, the company, which claims to have 25 million users around the world, said it had begun investigating a potential breach two weeks earlier after detecting "unusual activity" within its developer environment. It added: "We have determined that an unauthorised party gained access to portions of the LastPass development environment through a single compromised developer account."

The breach is now contained and there is "no evidence" that it involved access to customer data or encrypted password vaults, the company continued. However, many security experts recommend the use of password managers to avoid some of the problems associated with weak or reused passwords, and some commentators have noted that if LastPass' source code has been compromised, this could be used as the basis for future attacks.


NHS supplier cyber attack 'could take months to resolve'

It could be months before issues caused by an ongoing cyber attack on an NHS supplier are fully resolved, as doctors are forced to fill out patient records by hand, it has been stated.

The warning follows a ransomware attack on software and services provider Advanced that was first spotted on August 4th. Hackers succeeded in taking seven health systems offline, including software used for patient check-ins, medical notes and the NHS 111 service. The BBC reports that as a result of this, patient care notes are having to be written by hand, which is creating a mounting backlog of paperwork.

Advanced has said it may take another 12 weeks to get all services back online, but even then, it is likely to take several months to process the hundreds of thousands of manual records created in the meantime.

An NHS spokesperson said contingency plans are in place across local health systems. However, Prof Martin Marshall, chairman of the Royal College of General Practitioners, told the BBC the lack of access to patient notes is "concerning and needs to be addressed as a matter of urgency".