Fundamentals First


Scale and flex your business with an IT support consultancy that offers a UK based 24x7 ISO27001 and ISO9001 compliant Network Operations Centre (NOC), Security Operations Centre (SOC), Architecture, Data Privacy and IT Governance services.

30/03/2021

A state-sponsored cyber-attack is most likely behind the attack that disrupted the live broadcast on Australia’s Channel Nine TV network on Sunday this week.

The broadcaster discovered that it was not able to go on air for its normal Sunday morning programmes, forcing it to tweet “A cyber-attack on our systems has disrupted live broadcasts today however, we have put processes in place to ensure we’re able to resume our normal broadcast schedule.”

The attack had not disrupted Channel Nine’s email or website.

Alicia Loxley, the Nine Afternoon News Melbourne presenter, updated viewers, saying “Cyber hackers have targeted Channel Nine in a massive ransomware attack bringing down its network Australia-wide…


https://fundamentalsfirst.co.uk/2021/03/30/cyber-attack-disrupts-australian-channel-nine/?utm_source=facebook.com&utm_medium=social&utm_campaign=ChannelNine30032021

25/03/2021

Earlier this week Sierra Wireless, a leading IoT manufacturer, reported that it was halting production at its manufacturing sites and taking key IT systems and websites offline as a result of a ransomware attack.

Sierra Wireless products include network devices, routers, modems and other communications devices. The company believes that none of its customer-facing products have been affected by the attack.

Details of the type of ransomware and the demands have not yet been disclosed. The attack started on March 20th, with Sierra Wireless disclosing it on March 23rd. As soon as the company learnt about the attack, its IT teams followed their emergency cyber security procedures. They hope to bring internal systems, websites, and production sites back online soon.

Sierra Wireless’s annual revenue was $448.6 million in 2020. As part of the disruption, first quarter 2021 results have been delayed due to uncertainty over the impact this attack will have on the company.

As of Thursday 25th, the main website, https://www.sierrawireless.com/, remains down and has been replaced with a single message:
Sierra Wireless announced on March 23rd that it was the subject of a ransomware attack on its internal IT systems and websites. We believe the attack has been addressed, and are currently working to bring Sierra Wireless’ internal IT systems back online, including our websites.

We believe the impact of the attack was limited to Sierra Wireless internal IT systems and corporate websites, as we maintain a clear separation between our internal IT systems and customer facing products and services.

In response to the ransomware attack, we have halted production at our manufacturing sites, and believe we will restart production and resume normal operations soon.

Ransomware remains a significant issue for organisations. It is estimated that there are 4000 ransomware attacks daily, with organisations that pay making an average payment of £169,000 and experiencing an average of 19 days of downtime.

It is estimated this year that a ransomware attack will occur every 11 seconds.

Cyber-attacks are an ongoing fight against unknown actors. With more state backing, these attacks are becoming increasingly well-funded, complex and common.

Contact Fundamentals First about how our outsourced Security Operations Centre (SOC) will operate as an extension to your in-house teams, providing the increased protection you require.

https://fundamentalsfirst.co.uk/cyber-security-solutions/?utm_source=facebook.com&utm_medium=social&utm_campaign=SierraWireless250321

09/03/2021

The European Banking Authority has joined over 30,000 other government and commercial organisations that have been known to be hacked due to four exploits found in Microsoft’s Exchange Server software. The hack seems to be rapidly growing in the wild, with estimates suggesting at least 60,000 plus victims globally, including small to medium sized businesses. With its rapid spread globally, it is assumed that other hacking groups are now exploiting the same vulnerabilities.

The unknown Microsoft vulnerabilities have been exploited in attacks since January. The Microsoft Threat Intelligence Center (MSTIC) has accused the Chinese state-sponsored cyber hacking group known as Hafnium.

The attack gains access to Exchange servers using unknown vulnerabilities or stolen credentials. It then creates a web shell to gain control of the server and allows access to virtual remote servers. From here, malware can be installed, and data can be stolen.

If you’re running Exchange servers on-premise and you haven’t patched them recently, it is very likely that your organisation is already compromised. The hack does not affect Exchange Online.

Read the whole article - https://fundamentalsfirst.co.uk/2021/03/09/outsourced-soc-fight-against-microsoft-hack/?utm_source=facebook.com&utm_medium=social&utm_campaign=MSHack09032021

08/03/2021

A sure-fire method to get into the networks of some of the biggest tech companies out there. Security researcher Alex Birsan has successfully demonstrated a potential supply chain attack, and in the process the proof-of-concept exploit was installed on systems in Apple, Microsoft and thirty-three other companies. Multiple organisations have paid the researchers “bug bounties” totalling $130,000 so far for finding these vulnerabilities.

Like other supply chain attacks, the attack works by subverting trusted upstream systems such that the real target downloads and installs a compromised update. However, in this case the target systems were tricked into replacing internal packages with compromised versions from an external source.

This exploit specifically attacks a “mixed ecosystem” of open source and proprietary code, and it exposes a lack of maturity in both technology and common practice when it comes to patching systems.

Read the whole article - https://fundamentalsfirst.co.uk/2021/03/08/proof-of-concept-exploit-affects-apple-microsoft-others/?utm_source=facebook.com&utm_medium=social&utm_campaign=AlexBirsan08032021

02/03/2021

A report detailing the Operational Technology Cyber Attack on India’s power grid by Chinese state-sponsored threat actors ‘Red Echo’, has sparked accusations and denials this week.

On October 12th 2020, grid failure in Mumbai resulted in a 2-hour power outage, shutting businesses and stopping national transport. The report, released on Sunday by the US-based Recorded Future, used large-scale automated network traffic analytics and security analysis and found large increases in suspicious targeted intrusion activity.

The ministry of power (POSOCO) officially stated “There is no impact on any of the functionalities carried out by POSOCO due to the referred threat. No data breach/ data loss has been detected due to these incidents.”

China has officially denied responsibility, stating it is 'firmly opposed' to such irresponsible and ill-intentioned practices.

Cyberwarfare is now very much a real thing. State-organised and coordinated hacking that takes down national services affects us all, and can have devastating consequences.

With state backing seemingly common, cyber attacks are becoming increasingly well funded, driving more and more complexity and potential damage.

Cyber security is an ongoing fight against unknown actors. With more state backing, these attacks are becoming increasingly well funded, driving more and more complexity and potential damage. If you are running a production plant and want an Operational Technology Cyber Security Assessment of your estate, get in contact with Fundamentals First to start the journey of mitigating your cyber risk.

https://fundamentalsfirst.co.uk/cyber-security-solutions/?utm_source=facebook.com&utm_medium=social&utm_campaign=OTIndia020221

24/02/2021

French health care and boat building industry hit by cyber attacks in the same week

Shares in Beneteau, the sailing yacht and boat builder, dropped on Monday by 2.1% as a result of a cyber attack that started on February 18th.

Beneteau confirmed on Sunday night that a malware attack has taken grip of the company. The company detected a malware intrusion during the night of February 18th and disconnected its information systems to prevent a further spread. This included shutting down its telephone system, its extranet connecting it to its dealers and distributors, and its internal CRM.

While the company uses its backup systems to restore systems and allow Beneteau’s activities to start again, production at some of its units, particularly in France, will have to slow down or stop over this week as they feel the effects of the incident.

As a result, the group asked its production operators not to come to work on Monday.

This is not the first time that the French boating industry has been in the news for a cyber attack. Last June the Fountaine-Pajot shipyard in La Rochelle was the victim of an attack that heavily affected its production for over 10 days.

The news of the Beneteau attack comes in the same week that two French hospitals were hit by crypto-virus RYUK. The hospitals at Villefranche-sur-Saône and Dax were paralysed by attacks, forcing the hospitals to return to paper systems, transfer some patients to other facilities, and postpone surgeries.

The French president, Emmanuel Macron, has promised to invest €1 billion in a national cyber security strategy, following the increased ransomware attacks.

https://fundamentalsfirst.co.uk/cyber-security-solutions/?utm_source=facebook.com&utm_medium=social&utm_campaign=French24022020

19/02/2021

North Korea has been accused of attempting to steal Covid-19 vaccine information from the US pharmaceutical company Pfizer. The apparent cyber attack was probably an attempt to steal chemical formula and production data regarding the Covid-19 vaccine, South Korea’s intelligence officials reported to lawmakers this week.

The attack, similar to the attacks believed to be of Russian origin late last year, is also believed to be by state-backed actors.

The attacks have occurred over several months, and have attempted to fool Pfizer employees into providing their passwords through fake login pages.

This type of attack is nothing new. North Korea has been accused of trying to steal confidential vaccine information from nine vaccine researchers in 2020. The science and production knowledge behind the vaccines are some of the most valuable intellectual property on earth at this time. It is unsurprising that cyber terrorism has been quick to react, attempting to benefit from stealing the information.

Having developed Covid-19 vaccines in a fraction of the time it takes for normal treatments, pharmaceutical companies need to protect the valuable IP, supporting data and supply chains from cyber attacks. Robust cyber security in office based environments, and Operational Technology based cyber security within physical plants, are required to reduce the risk of a successful attack.

The end to end development process is prone to attack. Research and Development Labs and Clinical Trials are open to IP theft. Within mass production, the manufacturing plants are open to attack in an attempt to steal IP, disrupt production, or even worse, change the product. Within the distribution channels, shipping the product can be disrupted or altered. In the case where vaccines need to be stored and shipped at low temperatures, an attack on a refrigeration unit could have a huge impact, ruining a whole shipment of the vaccine.

Cyber security is an ongoing fight against unknown actors. With more state backing, these attacks are becoming increasingly well funded, driving more and more complexity and potential damage. If you are running a production plant and want an Operational Technology Cyber Security Assessment of your estate, get in contact with Fundamentals First to start the journey of mitigating your cyber risk.

https://fundamentalsfirst.co.uk/security-operations-centre/essential-soc/?utm_source=facebook.com&utm_medium=social&utm_campaign=NorthKorea19022020

09/02/2021

Apple’s recent announcement that it will require an explicit opt-in from users to share personal data which could be used for tracking and targeted advertising, and Facebook’s reaction to it, have exposed the flimsiness of informed consent in data privacy.

The new consent step does not change anything in terms of tracking, it simply makes the user aware that they have the choice to opt-out. Facebook’s objections to the change, although framed in the interests of their small business advertisers, indicate how concerned they are about the impact of informed consent on their business model.

Since the advent of the GDPR many businesses have made a considerable investment in evidencing consent. However, in many cases how informed that consent really is is open to question, and the conflict between Apple’s user-centric approach and Facebook’s advertiser-centric approach flushes the issue out into the open – Apple’s paying customers are its users, while Facebook’s paying customers are its advertisers, and their interests are not aligned.

Any business model which is less than open about data privacy may be exposed to reputational risk, and some business models may become unsustainable.

https://fundamentalsfirst.co.uk/data-privacy/?utm_source=facebook.com&utm_medium=social&utm_campaign=ApplevFacebook09022021

03/02/2021

Almost the entire population of Brazil is now at risk of what could be the largest ever breach in history.

On January 19, 2021, it was discovered that the private data of over 220 million Brazilian citizens was leaked. The source of the leak is currently unknown.

Unfortunately, this is not the first time Brazil has come under fire for a large data breach. A significant leak of COVID-19 patients’ details earlier in 2020, due to weak encoded credentials in the source code of the Brazilian Health Ministry website, exposed personal data for over six months. Medical records are one of the most sensitive categories of personal data, and the leak exposed both living and deceased Brazilians’ medical records to possible unauthorised access.

The latest breach contained detailed information on 40 million companies and 104 million vehicles. The breach is said to have leaked personal ID numbers (CPF), dates of birth, and full names of nearly all the Brazilian population. The data also included Brazilian company identification numbers (CNPJ), corporate name, trade name and date of foundation of companies. It also included chassis number, license plate, colour, make, model, year of manufacture, engine number, fuel type and ownership location of vehicles. In total, the leak poses a risk to over 220 million Brazilians, and affects companies and government agencies.

To cyber criminals, the combination of personal data and vehicle data is a very valuable asset for resale on the dark web. The personal data is useful for profiling people for many types of fraud activity, and the vehicle data can be useful for vehicle cloning.

Claiming to be from outside of Brazil, the criminal is selling the data on forums in small batches of 1,000 records each, for approximately $100 of bitcoins per batch.

Unfortunately for Brazil, it is becoming more and more commonplace to read about large data breaches in the press. Back in 2019 it was reported that a criminal was attempting to auction an illegal database containing personal information of 92 million Brazilian citizens. Registered as X4Crow, the criminal was not only selling the data, but offering a search service to retrieve detailed information on Brazilian citizens. This is also at a time when IT managers in Brazil are reporting insufficient budgets for cybersecurity, raising concerns around the continued security of personal and operational data for Brazilian organisations.

In August 2018, Brazil passed a comprehensive data privacy law called the General Data Protection Law (the Lei Geral de Proteção de Dados Pessoais, LGPD). Since the enactment of the LGPD, businesses and organisations doing business in Brazil have been ramping up and preparing for the implementation of the law.

However, the implementation time frame of the LGPD was hampered by the COVID-19 pandemic and by organisations' readiness. Regardless, continued large scale breaches demonstrate the need for increased enforcement and improvement in data security in Brazil.

https://fundamentalsfirst.co.uk/data-privacy/?utm_source=facebook.com&utm_medium=social&utm_campaign=BrazilBreach03022021

01/02/2021

A group of cyber criminals working under the title ‘EMOTET’ have had thousands of devices seized in one of the biggest coordinated attacks on cybercrime the world has seen.

EMOTET has been one of the most well organised and enduring cybercrime organisations in the world and has been selling malware to criminal organisations to carry out data theft and extortion through ransomware.

One of the more common methods used by EMOTET is to deploy the malware via email attachments. The user receives an email with a document attached. The user is then asked to enable macros within the document, and that is when the malicious code hidden within the file is executed.

This story serves to highlight two key points. The first is that cyber criminals are becoming more and more sophisticated and it is vital that you have the right protection in place to do everything you can to prevent, detect and respond to these threats.

The second point is that awareness and training within your teams is critical, so they recognise suspicious emails and know how to deal with them.

At Fundamentals First we have security solutions that will protect you at any time of the day, as well as providing awareness training to ensure your teams are fully prepared.

https://fundamentalsfirst.co.uk/security-operations-centre/essential-soc/?utm_source=facebook.com&utm_medium=social&utm_campaign=EMOTET01022021

25/01/2021

The cyber security company SonicWall has officially stated it was the victim of a coordinated attack on its internal systems.

The networking device maker said on Friday night that it is investigating a security breach that looked to be a part of a “coordinated attack” by “highly sophisticated” hackers. This is over a period where the company has seen a dramatic surge in cyber attacks on organisations providing critical infrastructure to businesses and governments. This increase includes not only traditional corporate technology, but also manufacturing and supply chain infrastructure within production plants and laboratories.

The breach looks to centre around the company's Secure Mobile Access 100 series.

With the increase in cyber attacks across all industries, and on cyber security firms themselves, multiple security solutions and a pro-active threat hunting team are the only way to continually protect an organisation.

If you are concerned about your organisation's security, get in contact to discover how our Security Operations Centre can protect your endpoints, proactively monitor your network, and proactively hunt vulnerabilities.

https://fundamentalsfirst.co.uk/security-operations-centre/advanced-soc/?utm_source=facebook.com&utm_medium=social&utm_campaign=SonicWall250121

22/01/2021

Fundamentals First are delighted to announce that we have been awarded UK Government supplier status on the Digital Outcomes and Specialists 5 (DOS5) framework operated by the Crown Commercial Services.

The DOS5 framework is designed to help the public sector buy, design, build and deliver bespoke digital solutions and services.

Hamish Price, CEO Founder stated “We are proud to accept UK Government supplier status on the Crown Commercial Digital Outcomes and Specialists (DOS) framework. We continue to provide both public sector and private enterprise great services across the technology estate, from our IT Help Desk and virtualised Security Operations Centre, through to our digital application development and governance services.”

https://fundamentalsfirst.co.uk/?utm_source=facebook.com&utm_medium=social&utm_campaign=DOS5220121

Address

Leeds
