Threat Intelligence Blog

Contact us to discuss any insights from our Blog, and how we can support you in a tailored threat intelligence report.

Black Arrow Admin

Cyber Weekly Flash Briefing 11 September 2020: Ransomware 41% of H1 2020 cyber insurance claims, MS Critical RCE Bugs, 60% of emails May/June fraudulent, Insider Data Breaches, Linux Targeting More

Cyber Weekly Flash Briefing 11 September 2020: Ransomware 41% of all H1 2020 cyber insurance claims, MS Patch Tuesday Critical RCE Bugs, 60 percent of emails in May/June were fraudulent, Insider-Enabled Data Breaches, Linux-Based Devices Targeted More, Chilean bank shut down following ransomware, meddling in US politics by Russia, China & Iran, TikTok battles to remove video of livestreamed suicide

Links to articles are for interest and awareness. Linking to or reposting external content does not endorse any service or product; likewise, we are not responsible for the security of external links.


Ransomware accounted for 41% of all cyber insurance claims in H1 2020

Ransomware incidents have accounted for 41% of cyber insurance claims filed in the first half of 2020, according to a report published today by one of the largest providers of cyber insurance services in North America.

The high number of claims confirms previous reports from multiple cyber-security firms that ransomware is one of today's most prevalent and destructive threats.

Ransomware doesn't discriminate by industry. An increase in ransom attacks has been seen across almost every industry.

In the first half of 2020 alone, the insurer observed a 260% increase in the frequency of ransomware attacks amongst its policyholders, with the average ransom demand increasing 47%.

Among the most aggressive gangs, the cyber insurer listed Maze and DoppelPaymer, which have recently begun exfiltrating data from hacked networks, and threatening to release data on specialized leak sites, as part of double extortion schemes.

Why this matters:

Ransomware remains, and is likely to remain, by far one of the biggest menaces on the web. It is indiscriminate: anyone can be affected, it can be business-destroying, and it is getting worse all the time.

Read more: https://www.zdnet.com/article/ransomware-accounts-to-41-of-all-cyber-insurance-claims/


Microsoft’s Patch Tuesday Packed with Critical RCE Bugs

Microsoft has released patches for 129 security bugs in its September Patch Tuesday update. These include 23 critical flaws, 105 that are important in severity and one moderate bug. Fortunately, none are publicly known or under active exploitation, Microsoft said.

The most severe issue in the bunch is CVE-2020-16875, according to researchers. This is a memory-corruption problem in Microsoft Exchange that allows remote code-execution (RCE) just by sending an email to a target. Running arbitrary code could grant attackers the access they need to create new accounts, access, modify or remove data, and install programs.

Why this matters:

Many organisations are struggling to keep up with the volume of updates, and keeping on top of them, or knowing which to prioritise, is critical for firms. While many organisations continue to struggle to support a distributed remote workforce, Microsoft continues to pile on the updates. Finding an efficient method for rolling out these patches has become even more imperative as companies begin to abandon the idea of a short-term fix and shift operations to embrace remote work as a lasting, long-term part of how they operate.

Firms are beginning to realise the negative outcomes of the lenient security measures put in place to quickly adapt to a decentralised workforce and it’s become more important than ever to establish patching policies that can securely support remote endpoints for the foreseeable future.

Read more: https://threatpost.com/microsofts-patch-tuesday-critical-rce-bugs/159044/


60 percent of emails in May and June were fraudulent

The COVID-19 pandemic has seen a spike in scams, phishing and malware across all platforms and attack vectors. The latest mid-year threat landscape report from Bitdefender shows that in May and June, an average of 60 percent of all received emails were fraudulent.

In addition there’s been a five-fold increase in the number of coronavirus-themed attacks and a 46 percent increase in attacks aimed at home IoT devices.

IoT malware has become versatile and robust, and is constantly updated. IrcFlu, Dark_Nexus7 and InterPlanetary Storm are some examples of malware that gained in popularity during the first half of 2020.

Mobile malware has been quick to capitalise too, with malware developers rushing to weaponise popular applications, such as the Zoom video conferencing application, used by employees now working from home. Packing RAT (Remote Access Trojan) capabilities, or bundling them with ransomware, banking malware, or even highly aggressive adware, Android malware developers were also fully exploiting the pandemic wave.

Why this matters:

As we keep saying, malicious actors never let a good crisis or tragedy go to waste, and will exploit whatever is going on in the world, or anything in which there is a collective interest, to reel in unsuspecting victims.

Good awareness and education are key to keeping your employees and users safe and ensuring that users at all levels, including board members, who present a significant risk, are up to date with the latest tactics and threats.

Email in particular will remain the primary vector for attack and this is unlikely to change any time soon.

Read more: https://betanews.com/2020/09/08/60-percent-of-emails-in-may-and-june-were-fraudulent/


Businesses [should] Fear Insider-Enabled Data Breaches

Businesses fear suffering a data breach and expect it to be caused by an insider or internal error.

A survey of 500 IT professionals found that 94% of respondents have experienced a data breach, and 79% were worried their organisation could be next.

The fear associated with breaches stems from the security culture within the organisation, along with the security reporting structure.

Having security teams in close dialogue with executive leadership, supporting the leadership to make informed risk-based decisions and driving the business strategy, including the technologies used, reduces this fear significantly.

Secondly, not understanding information security, its components and principles drives fear and anxiety of the unknown, so having security education training, and developing awareness and consciousness of threats, will enable and empower the entire organisation to act with a ‘security first’ mindset.

Finally, recognising the importance of access control to protect systems and data is a foundational level control that organisations can apply to reduce the risk of a data breach. Hand in hand with this is partnering with trusted identity and access control platform providers who can provide enterprises with that security expertise and industry leadership.

Why this matters:

In terms of what is causing the breaches, 40% of respondents to the survey said accidental employee incidents were to blame, compared to 21% who said it is external attackers. On whether this is a case of businesses not having a handle on what leaves their organisations (either intentionally or accidentally): insiders already have access and can leave with data invisibly, and that data might turn up somewhere embarrassing later.

Read more: https://www.infosecurity-magazine.com/news/businesses-insider-breaches/


4 top vulnerabilities ransomware attackers exploited in 2020

As more employees work from home, attackers have more endpoints to target. These unpatched vulnerabilities in remote access tools and Windows make their job easier.

The biggest security trend for 2020 has been the increase of COVID-19-related phishing and other attacks targeting remote workers. New York City, for example, has gone from having to protect 80,000 endpoints to around 750,000 endpoints in its threat management since work-from-home edicts took place.

As noted in a recent Check Point Software Technologies mid-year review, “The first impact of the pandemic was the proliferation of malware attacks that used social engineering techniques with COVID-19 thematic lures for the delivery stage.” Domain names were set up and parked with names relating to the pandemic. As workers started to use videoconferencing platforms, attacks shifted to Zoom, Teams and other videoconferencing platforms.

One disturbing trend is that 80% of the observed attacks in the first half of 2020 used vulnerabilities reported and registered in 2017 and earlier, according to the Check Point report, and more than 20% of the attacks used vulnerabilities that are at least seven years old. This showcases that we have a problem in keeping our software up to date.

Why this matters:

Ransomware remains a big threat in 2020, and expanding attack surfaces with staff working from home are making the situation worse. Attackers use vulnerabilities in tools used for remote access into Windows networks.

Click read more below to find out the top four vulnerabilities the researchers identified.

Read more: https://www.csoonline.com/article/3572336/4-top-vulnerabilities-ransomware-attackers-exploited-in-2020.html


APT Groups Increasingly Targeting Linux-Based Devices

APT groups are increasingly executing targeted attacks against Linux-based devices as well as developing more Linux-focused tools, according to an investigation by Kaspersky.

This is a result of a growing number of organisations selecting Linux ahead of Windows to run their strategically important servers and systems, and the perception that the Linux operating system is safer and less likely to be targeted by malware as it is less popular.

However, threat-actors have been observed to adapt their tactics to take advantage of this trend, and Kaspersky noted that “over a dozen APT actors have been observed to use Linux malware or some Linux-based modules” during the past eight years.

These include notorious groups such as Turla, Lazarus, Barium, Sofacy, the Lamberts and Equation. Kaspersky highlighted the example of Russian-speaking APT group Turla using Linux backdoors as part of its changing toolset in recent years.

Why this matters:

Attacks that target Linux-based systems are still fewer in number than attacks on Windows-based systems, but there is still malware designed to target them, including webshells, backdoors, rootkits and even custom-made exploits.

Read more: https://www.infosecurity-magazine.com/news/apt-targeting-linux-based-devices/


Major Chilean bank shuts down all branches following ransomware attack

Banco Estado, the only public bank in Chile and one of the three largest in the country, had to shut down its nationwide operations on Monday due to a cyberattack that turned out to be a ransomware attack launched by REvil.

According to a public statement, the branches will remain closed for at least one day, but customers’ funds have not been affected by the incident.

Sources close to the investigation reported that the REvil ransomware gang is behind the attack. It reportedly originated from an Office document infected with the malware that an employee received and proceeded to open.

The incident was reported to the Chilean authorities, who issued a cyber-security alert that warned about a massive ransomware campaign targeting the private sector in the country.

Why this matters:

As above, ransomware is not going away and is getting worse all the time. Too many users don’t realise that simply opening a document or clicking on a link in an email could bring down their entire organisation. Staff and users need to be educated about the role they play in securing their organisations.

Read more: https://cointelegraph.com/news/major-chilean-bank-shuts-down-all-branches-following-ransomware-attack


Vulnerabilities discovered in PAN-OS, which powers Palo Alto Networks’ firewalls

Palo Alto Networks this week remediated vulnerabilities in PAN-OS (operating system version 8.1 or later), which include command injection, cross-site scripting and the ability to upload unauthorised files to a directory, which might lead to denial of service.

Why this matters:

Attackers can use these vulnerabilities to gain access to sensitive data or develop the attack to gain access to the internal segments of the network of a company that uses vulnerable protection tools.

Security fixes for known vulnerabilities in any product, software or firmware should be tested and applied as soon as possible, so those vulnerabilities cannot be used against you or your organisation.

Read more: https://www.helpnetsecurity.com/2020/09/10/vulnerabilities-discovered-in-pan-os/


Russia, China and Iran hackers target Trump and Biden, Microsoft says

Hackers with ties to Russia, China and Iran are attempting to snoop on people and groups involved with the US 2020 presidential election, Microsoft says.

The Russian hackers who breached the 2016 Democratic campaign are again involved, said the US tech firm.

Microsoft said it was "clear that foreign activity groups have stepped up their efforts" targeting the election.

Both President Donald Trump and Democrat Joe Biden's campaigns are in the cyber-raiders' sights.

Russian hackers from the Strontium group have targeted more than 200 organisations, many of which are linked to US political parties - both Republicans and Democrats, Microsoft said in a statement.

Why this matters:

The same attackers have also targeted British political parties, said Microsoft, without specifying which ones. Any meddling in politics by foreign states is a clear threat to the democratic process and shows that unfriendly states will interfere to further their own agendas.

Read more: https://www.bbc.co.uk/news/world-us-canada-54110457


TikTok battles to remove video of livestreamed suicide

TikTok is battling to remove a graphic video of a livestreamed suicide, after the footage was uploaded to the service on Sunday night from Facebook, where it was initially broadcast.

Although the footage was rapidly taken down from TikTok, users spent much of Monday re-uploading it, initially unchanged, but later incorporated into so-called bait-and-switch videos, which are designed to shock and upset unsuspecting users.

One such video, for instance, begins with a conventional video of an influencer talking to camera, before cutting without warning to the graphic footage.

Why this matters:

Parents, especially of younger children, may think that certain sites and social media channels are safe for children and that the content is suitably vetted and controlled, but as this illustrates, that is often not the case, and caution should be exercised in allowing young children unfettered access to social media.

Read more: https://www.theguardian.com/technology/2020/sep/08/tiktok-battles-to-remove-video-of-livestreamed-suicide


As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Black Arrow Admin

Cyber Weekly Flash Briefing 15 May 2020: Attacks on UK up 30% in Q1, 238% surge against banks, Microsoft fixes 111 vulns, Adobe patches 36 vulns, Thunderspy, 73m user records for sale on dark web



Cyber-Attacks on UK Organisations Up 30% in Q1 2020

New research has revealed that the volume of cyber-attacks on UK businesses increased by almost a third in the first three months of 2020.

Analysts identified 394,000 unique IP addresses used to attack UK businesses in the first quarter of 2020, discovering that companies with internet connections experienced 157,000 attacks each, on average – the equivalent of more than one a minute.

This rate of attack was 30% higher than the same period in 2019 when UK businesses received 120,000 internet-borne attempts to breach their systems each.

IoT applications were cited as the most common targets for cyber-criminals in the first quarter, attracting almost 19,000 online attacks per company. Company databases and file-sharing systems were also targeted frequently, with companies experiencing approximately 5000 attacks for each application, on average.

Read more here: https://www.infosecurity-magazine.com/news/cyberattacks-uk-orgs-up-30-q1/


COVID-19 blamed for 238% surge in cyber attacks against banks

The coronavirus pandemic has been connected to a 238% surge in cyber attacks against banks, new research claims.

On Thursday, VMware Carbon Black released the third edition of the Modern Bank Heists report, which says that financial organizations experienced a massive uptick in cyber attack attempts between February and April this year -- the same months in which COVID-19 began to spread rapidly across the globe.  

The cyber security firm's research, which includes input from 25 CIOs at major financial institutions, adds that 80% of firms surveyed have experienced more cyber attacks over the past 12 months, an increase of 13% year-over-year.

VMware Carbon Black data already indicates that close to a third -- 27% -- of all cyber attacks target either banks or the healthcare sector.

An interesting point in the report is how there appears to have been an uptick in financially-motivated attacks around pinnacles in the news cycle, such as when the US confirmed its first case of COVID-19.

In total, 82% of chief information officers contributing to the report said that alongside a spike in attacks, techniques also appear to be improving -- including the use of social engineering and more advanced tactics to exploit not only the human factor but also weak links caused by processes and technologies in use by the supply chain.

Read more here: https://www.zdnet.com/article/covid-19-blamed-for-238-surge-in-cyberattacks-against-banks/


May 2020 Patch Tuesday: Microsoft fixes 111 vulnerabilities, 13 Critical

Microsoft's May 2020 Patch Tuesday fell this week, and Microsoft have released fixes for 111 vulnerabilities in Microsoft products. Of these vulnerabilities, 13 are classified as Critical, 91 as Important, 3 as Moderate, and 4 as Low.

This month there are no zero-day or unpatched vulnerabilities.

Users should install these security updates as soon as possible to protect Windows from known security risks.

Read more here: https://www.bleepingcomputer.com/news/microsoft/may-2020-patch-tuesday-microsoft-fixes-111-vulnerabilities-13-critical/


Adobe issues patches for 36 vulnerabilities in DNG, Reader, Acrobat

Adobe has released security patches to resolve 36 vulnerabilities present in DNG, Reader, and Acrobat software.

On Tuesday, the software giant issued two security advisories detailing the bugs, the worst of which can be exploited by attackers to trigger remote code execution attacks and information leaks.

The first set of patches relates to Adobe Acrobat and Reader for Windows and macOS, including Acrobat / Acrobat Reader versions 2015 and 2017, as well as Acrobat and Acrobat Reader DC.

In total, 12 critical security flaws have been resolved. Six of the bugs, a single heap overflow problem, two out-of-bounds write errors, two buffer overflow issues, and two use-after-free vulnerabilities can all lead to arbitrary code execution in the context of the current user.

Read more here: https://www.zdnet.com/article/adobe-issues-patches-for-36-vulnerabilities-in-dng-reader-acrobat/


Thunderbolt flaw ‘Thunderspy’ allows access to a PC’s data in minutes

Vulnerabilities discovered in the Thunderbolt connection standard could allow hackers to access the contents of a locked laptop’s hard drive within minutes, a security researcher from the Eindhoven University of Technology has announced. Reports state that the vulnerabilities affect all Thunderbolt-enabled PCs manufactured before 2019.

Although hackers need physical access to a Windows or Linux computer to exploit the flaws, they could theoretically gain access to all data in about five minutes even if the laptop is locked, password protected, and has an encrypted hard drive. The entire process can reportedly be completed with a series of off-the-shelf components costing just a few hundred dollars. Perhaps most worryingly, the researcher says the flaws cannot be patched in software, and that a hardware redesign will be needed to completely fix the issues.

Read more here: https://www.theverge.com/2020/5/11/21254290/thunderbolt-security-vulnerability-thunderspy-encryption-access-intel-laptops


A hacker group is selling more than 73 million user records on the dark web

A hacker group going by the name of ShinyHunters claims to have breached ten companies and is currently selling their respective user databases on a dark web marketplace for illegal products.

The hackers are the same group who last week breached Tokopedia, Indonesia's largest online store. Hackers initially leaked 15 million user records online, for free, but later put the company's entire database of 91 million user records on sale for $5,000.

Encouraged and emboldened by the profits from the Tokopedia sale, the same group has, over the course of the current week, listed the databases of 10 more companies.

This includes user databases allegedly stolen from organizations such as:

· Online dating app Zoosk (30 million user records)
· Printing service Chatbooks (15 million user records)
· South Korean fashion platform SocialShare (6 million user records)
· Food delivery service Home Chef (8 million user records)
· Online marketplace Minted (5 million user records)
· Online newspaper Chronicle of Higher Education (3 million user records)
· South Korean furniture magazine GGuMim (2 million user records)
· Health magazine Mindful (2 million user records)
· Indonesia online store Bhinneka (1.2 million user records)
· US newspaper StarTribune (1 million user records)

The listed databases total 73.2 million user records, which the hacker is selling for around $18,000, with each database sold separately.

Read more here: https://www.zdnet.com/article/a-hacker-group-is-selling-more-than-73-million-user-records-on-the-dark-web/


A cybercrime store is selling access to more than 43,000 hacked servers

MagBo, a shadowy online marketplace where hackers sell and buy hacked servers, is doing better than ever and has soared in popularity to become the largest criminal marketplace of its kind since its launch in the summer of 2018.

Two years later, the MagBo portal has grown more than 14 times in size and is currently selling access to more than 43,000 hacked websites, up from the 3,000 sites listed in September 2018.

Today, MagBo has become the de-facto go-to marketplace for many cybercrime operations. Some groups register on the MagBo platform to sell hacked servers, while others are there just to buy.

Those who buy do so either in bulk (for black-hat SEO or for malware distribution) or selectively, for intrusions at high-value targets (e-commerce stores for web skimming, intranets for ransomware).

All in all, the MagBo platform cannot be ignored anymore, as it appears to be here to stay, and is placing itself at the heart of many of today's cybercrime operations.

Read more: https://www.zdnet.com/article/a-cybercrime-store-is-selling-access-to-more-than-43000-hacked-servers/


Ransomware: Why paying the crooks can actually cost you more in the long run

Ransomware is so dangerous because in many cases the victim doesn't feel like they have any other option other than to pay up – especially if the alternative is the whole organisation being out of operation for weeks, or even months, as it attempts to rebuild the network from scratch.

But handing over a bitcoin ransom to cyber criminals can actually double the cost of recovery according to analysis by researchers at Sophos, published in the new State of Ransomware 2020 report, which has been released three years to the day from the start of the global WannaCry ransomware outbreak.

A survey of organisations affected by ransomware attacks found that the average total cost of a ransomware attack for organisations that paid the ransom is almost $1.4m, while for those who didn't give into ransom demands, the average cost is half of that, coming in at $732,000.

Often, this is because retrieving the encryption key from the attackers isn't a simple fix for the mess they created, meaning that not only does the organisation pay out a ransom, they also have additional costs around restoring the network when some portions of it are still locked down after the cyber criminals have taken their money.

According to the report, one in four organisations said they paid the ransom in order to get their files back. It's one of the key reasons why ransomware remains a successful tactic for crooks, because victims pay up – often sums of six-figures or more – and are therefore encouraging cyber criminals to continue with attacks that often can't be traced back to a culprit.

Read the full article here: https://www.zdnet.com/article/ransomware-why-paying-the-crooks-can-actually-cost-you-more-in-the-long-run/


This powerful Android malware stayed hidden for years, infecting tens of thousands of smartphones

A carefully managed hacking and espionage campaign is infecting smartphones with a potent form of Android malware, providing those behind it with total control of the device, while also remaining completely hidden from the user.

Mandrake spyware abuses legitimate Android functions to help gain access to everything on the compromised device in attacks that can gather almost any information about the user.

The attacker can browse and collect all data on the device, steal account credentials for accounts including banking applications, secretly take recordings of activity on the screen, track the GPS location of the user and more, all while continuously covering their tracks.

The full capabilities of Mandrake – which has been observed targeting users across Europe and the Americas – are detailed in a paper released by cybersecurity researchers this week. Mandrake has been active since 2016 and researchers previously detailed how the spyware operation was specifically targeting Australian users – but now it's targeting victims around the world.

Read more: https://www.zdnet.com/article/this-powerful-android-malware-stayed-hidden-years-infected-tens-of-thousands-of-smartphones/


Companies wrestle with growing cyber security threat: their own employees

Businesses deploy analytic tools to monitor staff as remote working increases data breach risk

As cyber criminals and hackers ramp up their attacks on businesses amid coronavirus-related disruption, companies are also facing another equally grave security threat: their own employees. 

Companies are increasingly turning to Big Brother-style surveillance tools to stop staff from leaking or stealing sensitive data, as millions work away from the watchful eyes of their bosses and waves of job cuts leave some workers disgruntled.

In particular, a brisk market has sprung up for cyber security groups that wield machine learning and analytics to crunch data on employees’ activity and proactively flag worrying behaviours.

Read more here: https://www.ft.com/content/cae7905e-ced7-4562-b093-1ab58a557ff4


Cognizant: Ransomware Costs Could Reach $70m

IT services giant Cognizant has admitted that a ransomware attack it suffered back in April may end up costing the company as much as $70m.

The firm announced revenue of $4.2bn for the first quarter of 2020, an increase of 2.8% year-on-year. In this context, the $50-70m hit it expects to take in Q2 from the ransomware attack will not make a huge impact on the company.

However, the big numbers involved are illustrative of the persistent financial threat posed by ransomware, not to mention the reputational impact on customers.

The firm claimed on an earnings call that the company responded immediately to the threat, proactively taking systems offline after some internal assets were compromised. However, the resulting downtime and suspension of some customer accounts took their toll financially.

“Some clients opted to suspend our access to their networks,” they explained. “Billing was therefore impacted for a period of time, yet the cost of staffing these projects remained on our books.”

Remote workers were also affected as the attack hit the firm’s system for supporting its distributed workforce during the current pandemic.

Read more: https://www.infosecurity-magazine.com/news/cognizant-ransomware-costs-could/


Package delivery giant Pitney Bowes confirms second ransomware attack in 7 months

Package and mail delivery giant Pitney Bowes has suffered a second ransomware attack in the past seven months, ZDNet has learned.

The incident came to light earlier in the week after a ransomware gang known as Maze published a blog post claiming to have breached and encrypted the company's network.

The Maze crew provided proof of access in the form of 11 screenshots portraying directory listings from inside the company's computer network.

Pitney Bowes confirmed the incident stating they had detected a security incident related to Maze ransomware.

The company said it worked with third-party security consultants to take steps to stop the attack before any of its data was encrypted.

This is the second ransomware incident for Pitney Bowes in seven months.

In October 2019, Pitney Bowes disclosed a first ransomware attack. At the time, the company said it had some critical systems infected and encrypted by the Ryuk ransomware gang. The incident caused limited downtime to some package tracking systems.

Both the Ryuk and Maze ransomware gangs are what experts call "human-operated" ransomware strains. These types of ransomware infections take place after hackers breach a company's network, and take manual control of the malware to expand access to as many internal systems as possible before executing the actual ransomware to encrypt data and demand a ransom.

Read more here: https://www.zdnet.com/article/package-delivery-giant-pitney-bowes-confirms-second-ransomware-attack-in-7-months/


Law Firm Representing Drake, Lady Gaga, Madonna And More Hit By Cyber Attack As Hackers Claim To Have Stolen Personal Information And Contracts

A law firm representing many of the world's most famous celebrities has been hacked.

The website of Grubman Shire Meiselas & Sacks has been taken offline, and hackers claim to have stolen some 756GB of data relating to its clients.

Singers, actors and other stars have worked with the law firm, according to old versions of its website, with more than 200 very high-profile celebrities and companies said to have used its services.

They include Madonna, Lady Gaga, Elton John and Drake.

The hackers behind the attack claim to have personal information on celebrities, including letters, as well as official contracts.

Hackers have already released a purported screenshot of a Madonna contract in an attempt to prove they have access to personal files.

It is not known what the hackers are demanding in return for the files, or whether negotiations are ongoing.

"We can confirm that we've been victimised by a cyber-attack," the firm said in a media statement. "We have notified our clients and our staff.

"We have hired the world's experts who specialise in this area, and we are working around the clock to address these matters."

The hack used a piece of software known as REvil or Sodinokibi. Similar software took foreign exchange company Travelex offline in January, as part of a major hack.

Traditionally, such ransomware has been used to lock down computers and demand money from their owners to unlock them again, and grant access to files.

Increasingly, hackers threaten to release those files to the public if their demands are not met.

Read the original article: https://www.independent.co.uk/life-style/gadgets-and-tech/news/celebrity-hack-law-firm-cyber-attack-drake-madonna-lady-gaga-a9511976.html


Lights stay on despite cyber-attack on UK's electricity system

Britain’s energy system has fallen victim to a cyber-attack targeting the IT infrastructure used to run the electricity market.

The electricity system’s administrator, Elexon, confirmed that it was affected by a cyber-attack on Thursday afternoon but that the key systems used to govern the electricity market were not affected.

National Grid is investigating whether the attack could affect the part of its business tasked with keeping the lights on.

A spokesman for the energy system operator said electricity supplies had not been affected, and there were “robust cybersecurity measures in place” to make sure the UK continues to receive reliable electricity.

“We’re aware of a cyber intrusion on Elexon’s internal IT systems. We’re investigating the matter and any potential impact on our own IT networks,” he said.

Elexon is a vital part of the UK electricity market because it carefully monitors the electricity generated by energy companies to match this with what National Grid expects to receive, and to make sure that generators are paid the correct amount for the energy they generate.

Read more: https://www.theguardian.com/business/2020/may/14/lights-stay-on-despite-cyber-attack-on-uks-electricity-system

