Downing Street Attack | Funky Pigeon Breach | 3 Ways We Can Improve Security

25th April

Article by Christopher Lauder, Delegate Relationship Executive, Rela8 Group

Downing Street Attack

Here in the UK, news has broken that Downing Street has been targeted with “multiple” suspected infections using Pegasus, the sophisticated hacking software that can turn a phone into a remote listening device.

In a report released by Citizen Lab at the University of Toronto, it was said that the United Arab Emirates was suspected of orchestrating these spyware attacks on Downing Street in 2020 and 2021.

Pegasus is the name of the hacking software – or spyware – developed, marketed, and licensed to governments around the world by the Israeli firm NSO Group. You may remember this name from previous news briefings. It has the capability to infect phones running either iOS or Android operating systems.

Citizen Lab added there had also been suspected attacks on the Foreign Office over the same two years that were also associated with Pegasus operators linked to the UAE – as well as India, Cyprus, and Jordan.

In a statement, Citizen Lab said:

“We confirm that in 2020 and 2021 we observed and notified the government of the United Kingdom of multiple suspected instances of Pegasus spyware infections within official UK networks. These included: the prime minister’s office (10 Downing Street) and the Foreign and Commonwealth Office”.

“The suspected infections relating to the FCO were associated with Pegasus operators that we link to the UAE, India, Cyprus, and Jordan. The suspected infection at the UK prime minister’s office was associated with a Pegasus operator we link to the UAE.”

In response to this, the UK Government is taking steps to improve their security.

Source - No. 10 Breach - The Guardian

Source - No. 10 Breach - The Mirror

Source - No. 10 Breach - Security Boulevard

Source - No. 10 Breach - Citizens Lab

Funky Pigeon Breach

Staying with the theme of breaches, the well-known greetings card maker Funky Pigeon has also found themselves in the firing line. Funky Pigeon says it was hacked last week but does not believe customer payment data has been compromised.

They added that it is writing to all its customers from the past twelve months to provide details about the attack. At the time of writing, its systems were offline ‘as a precaution’. Meaning, they are unable to fulfil orders.

The company noted that the hackers had not accessed payment details, such as credit card numbers or bank accounts, and does not believe that passwords have been compromised.

In a statement, Funky Pigeon said:

“As soon as we discovered the incident last Thursday, we launched a forensic investigation led by external experts to understand the incident and whether there has been any impact on customer data.”

“We are currently investigating the extent to which any personal data – specifically names, addresses, email addresses and personalised card and gift designs – has been accessed.”

The incident marks the second cyber-attack on a UK retailer in the space of a month. At the beginning of April, The Works fell victim to a cyber-attack which forced the company close five shops and suspend deliveries. Investigation work continues.

Source - Funky Pigeon Attack - InfoSec Magazine

Source - Funky Pigeon Attack - The Independent

Source - Funky Pigeon Attack - Metro

Source - Funky Pigeon Attack - The Guardian

We are currently investigating the extent to which any personal data – specifically names, addresses, email addresses and personalised card and gift designs – has been accessed
Funky Pigeon statement

3 Ways We Can Improve Security

Finally, Joanna Burkey, CISO at HP has published an article titled “3 Ways We Can Improve Cybersecurity”.

Beginning her article, she writes how there are many reasons for optimism in cybersecurity. “Defenders are maturing in their approach, we're getting better at articulating cyber threats in the language of business risk, and we're continually improving cross-sector collaboration.”

She notes that we still face a challenge navigating the changing threat landscape. She believes that the cybersecurity industry needs to build on the positives by understanding cyber strategy more clearly in the context of good corporate governance, and by addressing the growing diversity and skills gap within the cybersecurity talent pool.

Her three suggestions can be read by checking out the full article linked below:

Source - 3 Ways We Can Improve Security - Dark Reading

If you want to get in touch then give us a shout