New Rules For UK Telecoms Network | Montenegro Cyber Attack | NATO Assessing MBDA Missile Systems Data Breach

September 5th

Article by Christopher Lauder, Client Engagement Executive, Rela8 Group


New Rules For UK Telecoms Network

Here in the UK, new rules have been introduced for broadband and mobile companies to better protect UK networks from potential cyber attacks.

The new telecoms regulations will be amongst some of the strongest in the world and aim to provide better protections for the UK from threats which could cause network failure or theft of sensitive information.

Last November, the Telecommunications (Security) Act became law. This gives the Government the power to boost the security standards of the country's mobile and broadband networks.

Telecoms providers are currently responsible for setting their own security standards across their networks. However, in the Telecoms Supply Chain Review conducted by the Government, they found that providers often have very little incentive to adopt the best security practices.

The new regulations and code of practice, developed with the National Cyber Security Centre and Ofcom, sets out specific actions for UK public telecoms providers to fulfil their legal duties in the Act. They will improve the UK’s cyber resilience by embedding good security practices in providers’ long term investment decisions and the day-to-day running of their networks and services. The regulations are to make sure providers:

  • Protect data processed by their networks and services, and secure the critical functions which allow them to be operated and managed
  • Protect software and equipment which monitor and analyse their networks and services
  • Have a deep understanding of their security risks and the ability to identify when anomalous activity is taking place with regular reporting to internal boards
  • Take account of supply chain risks, and understand and control who has the ability to access and make changes to the operation of their networks and services to enhance security

Ofcom will oversee, monitor and enforce the new legal duties and have the power to carry out inspections of telecoms firms’ premises and systems to ensure they’re meeting their obligations. If companies fail to meet their duties, the regulator will be able to issue fines of up to 10% of turnover or, in the case of a continuing contravention, £100,000 per day.

Source - New Rules For UK Telecoms - Gov

Source - New Rules For UK Telecoms - InfoSec Magazine

Source - New Rules For UK Telecoms - Tech Monitor

Source - New Rules For UK Telecoms - Digit News

If companies fail to meet their duties, the regulator will be able to issue fines of up to 10% of turnover or, in the case of a continuing contravention, £100,000 per day.

Montenegro Cyber Attack

Next we'll look further afield to Montenegro where the Government has provided more information about the attack which targeted its critical infrastructure.

It has been revealed that ransomware is responsible for the damage and disruption. The Public Administration Minister, Maras Dukaj, said that an organised cybercrime group is behind the attack, and that the effects of the incident have now been ongoing for more than ten days.

The attack has come with a ransom demand of $10 million and no estimation can be given as to when services will become available again.

Initially it was believed that the attacks were directed by Russian services. One day after making this claim however, Cuba Ransomware listed the Parliament of Montenegro as its victim and claimed to have stolen financial documents, bank correspondence, balance sheets, tax documents, compensation, and source code. This information has been published on the free section of their website and is available to anyone.

Source - Montenegro Cyber Attack - Bleeping Computer

Source - Montenegro Cyber Attack - Euro Reporter

Source - Montenegro Cyber Attack - Reuters

NATO Assessing MBDA Missile Systems Data Breach

Finally, NATO is now assessing the impact of a data breach suffered by MBDA Missile Systems which saw classified military documents being sold online.

The information that is being sold includes blueprints of weapons that are being used by NATO allies in the Ukraine War. It is believed that the information was hacked from a compromised external hard drive, and MBDA is working in cooperation with the Italian authorities, where the breach took place.

Cyber criminals operating on Russian and English forums are selling 80GB of the stolen data for 15 Bitcoins (approximately £273,000) and claimed to have sold the stash to at least one unknown buyer so far.

In their advert for the stolen data, the hackers claim to have "classified information about employees of companies that took part in the development of closed military projects" as well as "design documentation, drawings, presentations, video and photo materials, contract agreements and correspondence with other companies".

In a statement, a NATO spokesperson said: "We are assessing claims relating to data allegedly stolen from MBDA. We have no indication that any NATO network has been compromised."

Source - MBDA Missile Systems Breach - BBC News

Source - MBDA Missile Systems Breach - Fortune

Source - MBDA Missile Systems Breach - Dark Reading

The hackers claim to have "classified information about employees of companies that took part in the development of closed military projects"
If you want to get in touch then give us a shout