Cyber security news roundup: November

Published on: 1 Dec 2020

We're rounding up some of the biggest cybersecurity stories of the past few weeks. This month, ransomware continues to cause havoc, Covid-19 attacks grow, and there are new insights into the state of the global security workforce.

New report highlights trends for 2021

A new report from cyber security software provider Sophos has highlighted some of the key trends the sector can expect to see over the coming 12 months. It pinpointed increasingly sophisticated ransomware and attackers looking to abuse legitimate tools and technologies in order to evade detection as among the major threats facing the sector in the coming year.

The Sophos 2021 Threat Report also warned that "everyday threats" such as commodity malware will require serious attention from security pros in the year ahead, as these will be increasingly used to give attackers an initial foothold in a target.

NCSC highlights Covid-related attacks

The National Cyber Security Centre (NCSC) has released its latest annual report into its activities over the past 12 months, with the 2020 edition noting a large number of attacks related to the ongoing coronavirus pandemic. In total, the NCSC handled 723 incidents in the year to August 31st 2020, of which 194 were Covid-related. 

Among the attacks were attempts by Russian-based hackers to target companies and universities working on potential vaccines. The body also revealed it has scanned over one million NHS IP addresses to check for weaknesses, finding 51,000 Indicators of Compromise in the process.

Manchester United hit by ransomware attack

Football club Manchester United became the latest high-profile organisation to fall victim to a ransomware attack in November, with the club confirming it is dealing with a "sophisticated" cyber attack that caused major disruption to its internal systems.

It has been reported hackers are demanding millions of pounds as a ransom to prevent the release of sensitive files, though the club has not confirmed this. The NCSC has also acknowledged the incident and is "working with law enforcement partners in response".

In a statement, Manchester United said: "Following the recent cyber attack on the club, our IT team and external experts secured our networks and have conducted forensic investigations. This attack was by nature disruptive, but we are not currently aware of any fan data being compromised."

Global cyber security workforce reaches 3.5 million

A study by cyber security association (ISC)2 has revealed the number of professionals working in this sector around the world continues to grow. It found 3.5 million people now work in this field - an increase of 700,000 on the previous year.

This meant the ongoing cyber security skills shortage eased slightly in 2020 for the first time, due in part to increased talent entry into the field. However, there are still more than three million vacancies worldwide, with the number of security pros needing to increase by 89 per cent to fulfil demand from employers.

The survey also found high levels of job satisfaction among IT pros, with 75 per cent of respondents saying they are either 'somewhat' or 'very' satisfied with their work.

Ticketmaster hit with £1.25m fine over data breach

The Information Commissioner's Office (ICO) has hit Ticketmaster with a £1.25 million fine following a cyber attack on its website in 2018 that saw the personal and financial details of over nine million customers compromised.

A vulnerability in the firm's chatbot was identified as the cause of the breach, which led to tens of thousands of fraud cases. Barclays reported 60,000 customers fell victim to the attack, while Monzo issued 6,000 replacement payment cards. 

The ICO was particularly critical of the fact it took Ticketmaster nine weeks to begin monitoring activity on its payments page, despite multiple banks alerting it to suspected fraud. Deputy commissioner at the ICO James Dipple-Johnstone commented: "Ticketmaster should have done more to reduce the risk of a cyber-attack. Its failure to do so meant that millions of people in the UK and Europe were exposed to potential fraud."