A cyber incident review is a process or analysis undertaken after a cyber security incident or cyber attack has occurred.  It involves analysing the event in detail to understand what happened, why it happened and how it can be prevented in the future.

During February there have been a number of attacks reported on Universities in the UK.  There were reports of hackers attacking the universities of Cambridge, Manchester and Wolverhampton.  Systems were affected at all sites.  The disruption is the latest reported attack by Anonymous Sudan.  It is thought the attacks are related to the UK's support of Israel in the Gaza conflict.

The ICO has confirmed a data breach from Kent councils.  The breach was reported by three Kent councils who share the same IT support provider.  Canterbury, Dover and Thanet councils continue to be hampered by the disruptions of onlines services following a cyber incident.

The City of London Police is warning schools across the UK to be vigilant against phishing attacks targeting school networks. Multiple schools have reported receiving suspicious emails containing malicious attachments that have infected their networks with malware.

Once infected, the school's email systems are used to send malicious attachments to other schools.

You don't have a pdf plugin, but you can download the pdf file.


Help and Advice against Phi

We have previously reported how the Rhysida Ransomware has focused on attacking the education sector.  Recently the CISA, FBI and MS-ISAC have released a new joint Cyber Security Advisory to disseminate known Rhysida ransomware indicators of compromise, detection methods, tactics, techniques and procedures identified through recent investigations.

As a data protection officer we are seeing a rise in the number of cyber attacks on organisations.  We often find that the fact an actual crime has been committed is sometimes overlooked in the panic and need to recover data and get operations back up and running.  According to the National Crime Agency (NCA) cyber crime continues to rise in scale and complexity, affecting essential services, businesses and private individuals.  Cyber crime costs the UK billions of pounds, causes

The National Cyber Security Centre looks back at it's key developments and highlights over the last year in it's 2023 annual review. The National Cyber Security Centre (NCSC), a part of GCHQ, is the UK’s technical authority for cyber security.

The British Computer Society (BCS) has recently published the biggest data leaks of 2023.  The leaks cover worldwide cyber attacks, but the lessons learned apply to organisations of all types all around the world.  The data breaches include The Guardian Newspaper, LastPass password manager, Royal Mail, MOVEit, Microsoft, The UK Electoral Commission.

An article by Computing magazine has reported that controls that Microsoft rolled out to protect Windows 11 from hackers seeking to exploit security vulnerabilities in hardware and device drivers are inadequate, security researchesrs at VMware claimed last week.

Several countries have pledged never to pay cyber criminal ransoms and to collectively work toward disrupting their financial systems.  The members affirmed their joint commitment to building their collective resilience to ransomware.  They will share data on ransomware perpetrators and techniques and establish a blacklist of information about digital wallets used to facilitate rasomware payments.

The NCSC has recently published an article about creating resistant cloud backups as a way to be more resistant to the effects of destructive ransomware.

We all know that backups are an essential part of an organisation's cyber strategy and making regular backups is the most effective way to recover from a destructive ransomware attack, where an attacker's aim is to destroy or erase a victim's data. 

The NSA and CISA Red and Blue teams recently shared the top ten cyber security misconfigurations.  The schools we have worked with that have suffered a cyber attack often find that there are configurations, upgrades or user access controls that were missed.  This advisory highlights all of those and more - these are not in-depth configurations, but often ones that are set up incorrectly and then not checked or updated as time goes by. Although the advisory is aimed at larger organisati