In this month’s podcast, the third to be recorded online, we took a broader view of the cyber threat landscape, expanding the scope of our topics to include more than just coronavirus-related issues. That’s not to say we don’t come back to COVID-19: the subject is still extremely important and appears to be here to stay. But from a cybersecurity perspective, the challenges presented by the pandemic – security in home working environments; employees targeted with COVID-19-related scams; reduction in oversight – have remained much the same since the lockdowns began.
Not so EasyJet
We begin by looking at the EasyJet breach that was announced in mid-May. 9 million customers affected and thousands of credit cards at risk. It’s not clear the company handled this particularly well, with Ian noting a lack of transparency over the disclosure process and the specific information at risk. GDPR comes into play, and we discuss whether the legislation is fit for purpose or if the £18 billion lawsuit against EasyJet has any hope of success.
Clearly the security practices in place at EasyJet were insufficient. The company has downplayed the severity of the issue, saying that only flight details and some personal information were stolen. As Ian notes, however, this data can be in-depth and, if it fell into the wrong hands, could be used for identity theft, phishing scams, and more.
It is still unclear who is responsible for the breach, and Chinese threat actors have been mooted – though as Tristan notes, this allegation was strangely premature and has since been dropped from coverage – but could it be Magecart?
Magecart – poor security or skilled attackers?
That threat is the next topic we tackle this month. The group (or groups, as there may be more than 30) has been a persistent thorn in the side of e-commerce for several years targeting credit card information at the checkout page. Is it a case of poor security rather than great skill? Sadly, it’s probably both.
As we learn more about Magecart, it becomes clear that many of the groups are highly skilled and, worst of all, patient. In a recent attack attributed to Magecart, it was reported that a data-stealing web skimmer had been deployed on the target’s checkout page for over eight months. This kind of persistence is always critical: but when it comes to retail, the longer a threat actor is embedded in a system, the greater the number of cards can be stolen. The FBI regularly puts out warnings about these groups. Maintaining an up-to-date CMS should b second nature for all companies involved in the processing of payment data. As Tristan notes, there’s really no excuse anymore.
Maze – a labyrinthine threat
Talking of data breaches, the next topic in the podcast is the Maze ransomware. Since late-2019, the threat actors behind it have been stealing data from their victims prior to encrypting systems and then using it for leverage in ransom payment negotiations. This tactic has been adopted by all the major ransomware and it shows no sign of abating.
In early February, Australian transportation and logistics company, Toll Group, was hit by ransomware and its systems were taken offline. By mid-March, Toll had still not fully recovered and was just getting back on track when a second ransomware attack struck. 200GB of data was stolen and subsequently leaked because the company refused to pay the ransom. That Toll Group is still a going concern is simply a testament to the size of the company, not its security practices, which are clearly woeful. For many businesses, one ransomware attack can be terminal.
COVID effects – tech-tonic shift or business as usual?
Lastly, we discuss the effects of COVID-19 on businesses and the apparent reticence of the government to condone anything but a return to the norm. We have talked, with striking certainty, in previous podcasts about the fact that this pandemic is likely to change the world of work in fundamental ways. That there would be a ‘tech-tonic’ shift using technology to allow people greater freedoms to work from home (those who are lucky enough to have jobs that can be done in this way). But it seems many of those in government who could spearhead this change are stuck in the nineteenth century.
Is the attempt to force MPs back into the house of commons to vote – resulting in a kilometre-long queue that took over an hour and a half – indicative of this government’s broader mindset? Will they miss all of the technological, environmental, democratic, and societal improvements that could be made in the wake of this health and economic crisis? Tristan doesn’t hold out hope.
If you enjoy our podcast, please subscribe to our YouTube channel and follow us on LinkedIn for all the latest blogs covering the intersection of cybersecurity and geopolitics. Essential reading for all businesses.