What Companies Are Putting Your Cyber Security At Risk | Uber Breach Update | Scam Energy Bill Messages

September 26th

Article by Christopher Lauder, Client Engagement Executive, Rela8 Group


What Companies Are Putting Your Cyber Security At Risk?

In a new article, Which? has been working with security experts Red Maple Technologies to assess 25 of the largest companies across five consumer industries – airlines, supermarkets, banks, energy, and water. Together, these companies have a combined revenue exceeding £568 billion and a combined annual profit of just under £50 billion.

Red Maple, using their FractalScan Surface passive scanning tool, found 317 potential security issues with the companies’ online presences. Of these, 308 were rated as ‘high’ and nine as ‘critical’ – the highest level of severity. Below is a list of the issues found for each industry ranked by severity.

  1. Banks – 116 issues.
  2. Airlines – 66 issues.
  3. Supermarkets – 56 issues.
  4. Energy Firms – 53 issues.
  5. Water Providers – 26 issues.

It is important to note that each issue doesn’t mean that the company has been hacked. What it does represent is a possible vector of attack for a hacker.

Many issues were related to weak encryption – such as websites running HTTP rather than HTTPS. In one instance, the researchers were able to find an internal dashboard hosted by a water company, which gave details of the company’s internal infrastructure. Furthermore, many organisations were running software which is out of date. But who were the worst offenders?

  • Banks – HSBC, Lloyds, NatWest, Santander, and Barclays had the most issues. Generally, this was due to the thousands of websites and subdomains operated by the banks. The findings show that no customer data is at risk.
  • Supermarkets – Aldi, Asda, Morrisons, Sainsbury’s, and Tesco. These companies had the second most subdomains between them. During the research, the researchers found that one of Tesco’s subdomains had actually been hijacked by a hacker.
  • Airlines – EasyJet, British Airways, Jet2, Tui, and Virgin Atlantic. All had high-impact issues with their websites.
  • Energy Companies – British Gas, Eon, EDF Energy, Ovo Energy, and Scottish Power. These organisations had the highest number of ‘critical’ issues per sector.
  • Water Companies – Anglian Water, Scottish Water, Severn Trent Water, Thames Water, and United Utilities. Though these firms had the fewest issues, the researchers did note a lack of encryption across these companies.

For more context and information about all of these, the testing, and responses by the organisations in question, please check out the full article by Which? that is linked below.

Source - Companies Putting Security At Risk - Which?

Uber Breach Update

Uber has added more detail to the narrative of its latest breach of security controls, saying the compromise of an external contractor’s credentials was the starting point for the attack. It also believes the attacker was linked to the Lapsus$ extortion gang.

In a statement last Monday, the company said:

“It is likely that the attacker purchased the contractor’s Uber corporate password on the dark web, after the contractor’s personal device had been infected with malware, exposing those credentials.”

The attacker repeatedly tried to log in to the contractor’s Uber account. Each time, the contractor received a two-factor login approval request, which initially blocked access. Eventually, however, the contractor accepted one, and the attacker successfully logged in.

“From there, the attacker accessed several other employee accounts which ultimately gave the attacker elevated permissions to a number of tools, including G-Suite and Slack. The attacker then posted a message to a company-wide Slack channel and reconfigured Uber’s OpenDNS to display a graphic image to employees on some internal sites.”

Uber believes the attacker (or attackers) are affiliated with the Lapsus$ gang, which earlier this year was thought to have been seriously damaged when U.K. police arrested seven people between the ages of 16 and 21. Ultimately two teens who allegedly hacked for the gang were charged.

So far, Uber says, it has no evidence the attacker accessed its production systems, or the databases it uses to store sensitive user information, like credit card numbers, user bank account info, or trip history. Uber noted the company encrypts credit card information and personal health data. Among the actions Uber says it has taken as a result of this breach:

  • Any employee accounts that were compromised or potentially compromised have either been blocked or required to reset their password.
  • Credential keys have been rotated, effectively resetting access to many Uber internal services.
  • Application codebases have been locked down to prevent any new code changes.
  • Employees accessing development tools have to re-authenticate. Uber said it is also “further strengthening our multi-factor authentication (MFA) policies.”
  • Additional monitoring of Uber’s internal environment has been added to keep an even closer eye on any further suspicious activity.
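
The repeated two-factor approval requests described above leave a recognisable trace in authentication logs: several rejected or ignored prompts for one user, followed by an approval. The detection sketch below is an added example, not code from Uber or any vendor; the event fields, result values, window and threshold are assumptions, and the sample events are constructed.

```python
from datetime import datetime, timedelta

# Constructed sample MFA push events (not real logs): (timestamp, user, source_ip, result).
# Field names and result values are hypothetical, not any vendor's schema.
SAMPLE_EVENTS = [
    # Burst of rejected/ignored prompts, then one approval: the pattern of interest.
    ("2022-01-10T21:00:05", "contractor1", "203.0.113.7", "denied"),
    ("2022-01-10T21:04:40", "contractor1", "203.0.113.7", "timeout"),
    ("2022-01-10T21:09:12", "contractor1", "203.0.113.7", "denied"),
    ("2022-01-10T21:15:30", "contractor1", "203.0.113.7", "denied"),
    ("2022-01-10T21:21:02", "contractor1", "203.0.113.7", "approved"),
    # A single mistap followed by a normal approval: should not alert.
    ("2022-01-10T09:00:00", "alice", "198.51.100.20", "denied"),
    ("2022-01-10T09:00:30", "alice", "198.51.100.20", "approved"),
    # Rejections long before the approval fall outside the window: should not alert.
    ("2022-01-10T08:00:00", "bob", "198.51.100.31", "denied"),
    ("2022-01-10T08:01:00", "bob", "198.51.100.31", "denied"),
    ("2022-01-10T08:02:00", "bob", "198.51.100.31", "timeout"),
    ("2022-01-10T12:30:00", "bob", "198.51.100.31", "approved"),
]

def detect_push_fatigue(events, window=timedelta(minutes=30), threshold=3):
    """Flag approvals preceded by >= threshold rejected or ignored prompts
    for the same user inside the time window."""
    alerts = []
    rejected = {}  # user -> timestamps of recent denied/timeout prompts
    for ts_raw, user, ip, result in sorted(events):  # ISO timestamps sort chronologically
        ts = datetime.fromisoformat(ts_raw)
        # Keep only rejections still inside the sliding window.
        recent = [t for t in rejected.get(user, []) if ts - t <= window]
        if result in ("denied", "timeout"):
            recent.append(ts)
        elif result == "approved":
            if len(recent) >= threshold:
                alerts.append({"user": user, "source_ip": ip,
                               "approved_at": ts_raw, "prior_rejections": len(recent)})
            recent = []  # an approval starts a fresh sequence for this user
        rejected[user] = recent
    return alerts

if __name__ == "__main__":
    for alert in detect_push_fatigue(SAMPLE_EVENTS):
        print(alert)
```

An alert from this rule is a prompt to contact the user and review the session, since a legitimate user can also reject several prompts before approving one.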

Source - Uber Breach Update - Uber

Source - Uber Breach Update - ITWorldCanada

Source - Uber Breach Update - Forbes

Scam Energy Bill Messages

Here in the UK, people are being warned to be vigilant as scam messages pretending to be from the energy regulator Ofgem have been circulating.

The scam messages invite people to apply for the £400 "non-repayable discount" and instruct the recipient to follow a link to a fake Ofgem website to then provide personal details. They then encourage people to set up a direct debit to receive the money.

More than 1,500 reports have been made to the National Fraud Intelligence Bureau about scam emails purporting to be from Ofgem about energy rebates. Detective Chief Inspector Hayley King, from the City of London Police, said:

"If an email is genuine, the company will never push you into handing over your details. All of the reported emails display the email subject header 'Claim your bill rebate now' and the criminals behind the scam are using the Ofgem logo and colours to make the email appear authentic."

The fraud protection service, Cifas, is also warning the public to stay vigilant, and has identified several scams specifically targeting consumers as a result of the cost-of-living crisis. Amber Burridge, Head of Intelligence for Cifas, said:

"Criminals are using a variety of ways to target unsuspecting victims in order to steal money and personal information that can be used to commit fraud. Remember that no matter how an offer comes to your attention, there are very few occasions where there is a legitimate need to hand over your bank details."

Source - Energy Bill Scams - BBC News

Source - Energy Bill Scams - Money Saving Expert

Source - Energy Bill Scams - Sky News
