This week, we discuss suspicious activity on online National Lottery players’ accounts, 900,000 Deutsche Telekom routers knocked offline by the Mirai botnet, and a ransomware attack on the San Francisco transport system.
Hello and welcome to the IT Governance podcast for Friday, 2 December. December! Goodness me. Here are this week’s stories.
Camelot, the operator of the National Lottery, has warned its 9.5 million registered online lottery players of “suspicious activity on a very small proportion” of accounts. Around 26,500 players’ accounts were accessed and fewer than 50 had “some activity take place within the account” – activity that was limited to personal information being changed. The 26,500 account holders’ passwords have been compulsorily reset. So, what happened? It seems, once again, that password reuse is to blame. Camelot was at pains to make clear that “there has been no unauthorised access to core National Lottery systems or any […] databases” but that “the email address and password used on the National Lottery website may have been stolen from another website where affected players use the same details”. But, with more than 1 billion records having been exposed so far this year, that’s hardly surprising. Don’t. Reuse. Your. Passwords.
The German Office for Information Security reports that around 900,000 Deutsche Telekom routers were knocked offline earlier this week, apparently as a result of cyber criminals attempting to expand the Mirai botnet. Mirai has garnered a lot of press coverage in the last few weeks, especially following the two massive DDoS attacks that hit the websites of such household names as GitHub, Netflix, Spotify, Reddit, Twitter, and even the British government when Dyn – the managed DNS service they all use – was attacked. (Listen to our 28 October podcast for more details.) Deutsche Telekom is now offering a firmware update for the affected routers. Users are advised to power off their routers, wait 30 seconds, and switch on again. The new firmware should be downloaded during bootup. The lesson here? Change your default passwords from the likes of ‘admin’, ‘user’ and ‘password’ to something secure – and unique.
More than 2,000 computers used to operate Muni, the San Francisco transport system, were reportedly infected with ransomware at the weekend, forcing the Municipal Transportation Agency to allow passengers to ride for free. According to The Register, which saw the ransomware masters’ emails, “office admin desktops, CAD workstations, email and print servers, employee laptops, payroll systems, SQL databases, lost and found property terminals, and station kiosk PCs” were all infected. The extortionists demanded 100 bitcoin (about US$73,000) for the decryption key – a ransom that the agency rightly refused to pay. On Monday, Kristen Holland, a spokesperson for the SFMTA, said: “The situation is now contained, and we have prioritized restoring our systems to be fully operational. As this is an ongoing investigation, it wouldn’t be appropriate to provide additional details at this time.”
Well, that’s it for this week. The usual plea: if you enjoy these podcasts, please share them using the hashtag #itgpodcast, and, until next time, remember that you can keep up to date with the latest information security news on our blog. And don’t forget to check out December’s book of the month, The Security Consultant’s Handbook by Richard Bingley. Distilling the author’s fifteen years’ experience as a security practitioner, and incorporating the results of some fifty interviews with leading security practitioners and a review of a wide range of supporting business literature, The Security Consultant’s Handbook provides a wealth of knowledge for the modern security practitioner. Save 10% if you buy by the end of the month.
Whatever your cyber security needs – whether regulatory compliance, stakeholder reassurance or just greater business efficiency – IT Governance can help your organisation to protect, comply and thrive. Visit our website for more information: itgovernance.co.uk.