A data breach occurs when information held by an organisation is stolen or accessed without authorisation.

Criminals can then use this information when creating phishing messages (such as emails and texts) so that they appear legitimate. The message has been designed to make it sound like you're being individually targeted, when in reality the criminals are sending out millions of these scam messages. Criminals may even send messages pretending to be from an organisation that has suffered a recent data breach.

Various UK cybersecurity agencies have warned critical infrastructure leaders to protect their systems against the ‘Chinese Volt Typhoon’ hacking group.

The infrastructures they target are: aviation, water, energy, transportation, naval ports, internet service providers, communications services and utilities by exploiting vulnerabilities in small and end-of-life routers, firewalls and virtual private networks (VPNs), by often using administrator credentials and stolen passwords, or taking advantage of outmoded technology that has not had regular security updates.

Tarquin has joined the board as vice chairman of the Security Awareness Special Interest Group (the SASIG), a strong networking community for thousands of cybersecurity professionals, supporting the development of the industry through a series of physical events, webinars and masterclasses.

Cyber criminals are again impersonating Her Majesty’s Revenue and Customs (HMRC) branding to try to trick the public into sharing personal or financial details.

The scam operates by criminals sending fraudulent emails claiming that the recipient is eligible for a tax refund as they have overpaid on their National Insurance Contributions (NICs). The recipient is then encouraged to 'submit their tax refund request' via a link, which would send them to a fraudulent website designed to harvest their personal details.

Some of you may be aware of the press release from South Staffs Water at https://www.south-staffs-water.co.uk/news/important-statement. 

Specific details of the attack are not yet known, but the organisation is being supported effectively while they work through the disruption to their services.

Earlier this year, the National Cyber Security Centre (NCSC) suggested UK organisations bolster their cyber defences in response to the heightened threat in relation to the Russia-Ukraine conflict. In the months since NCSC published its guidance, there has been significant cyber activity in Ukraine – and the NCSC is reminding UK organisations to maintain their cyber resilience.

A report by the University of Cambridge highlights that internet-connected technology that is increasingly used in the agricultural industry could be vulnerable to exploitation, if not sufficiently protected.

CITS have been alerted to a recent WhatsApp scam, involving a  phishing campaign, impersonating WhatsApp’s voice message feature which has been spreading information-stealing malware.

CITS have been alerted to the following cyber threat - Cyber criminals are sending phishing emails inviting people to trace deliveries, only for them to fall victim to a chatbot scam.

Microsoft Security Update - Microsoft has recently released their latest security update.

Government announces Online Safety Bill - The government has announced the Online Safety Bill, which when implemented into legislation, will make it harder for fraudsters to scam victims through online fake adverts.

Information received from a CITS Member has made us aware that some individuals in the water industry have recently received an unexpected package through the post like the one above. These parcels contain a fraudulent thank you letter, an Amazon gift card and a USB device.

SonicWall researchers have revealed a growing trend of ransomeware attacks on their customers, which rose by 105% to 623.3 million attempted recorded incidents in 2021.

A particular malware threat known as ‘TA2541’ continues as a persistent threat to many industries. Email security company Proofpoint, has carried out research which has shown that attacks from the group often begin with unsophisticated phishing emails to staff members.

Cyber security authorities in the United States, Australia, and the United Kingdom saw an increase in sophisticated, high-impact ransomware incidents against critical infrastructure organisations globally throughout 2021.

IT software provider Dilligent has revealed the results of their recent survey in which 450 senior finance and risk professionals at UK listed companies responded. The results indicated that UK businesses had lost £374 million in 2021 due to cyber breaches largely linked to staff working from home.